87 matches found
PT-2024-12111 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu. This is a result of a File Upload vulnerability. Recommendations: For...
PT-2024-31262 · Unknown · Online Complaint Site
Name of the Vulnerable Software and Affected Versions: Online Complaint Site version 1.0 Description: The issue allows a remote attacker to escalate privileges via the username and password parameters in the "/admin.index.php" API endpoint. Recommendations: For Online Complaint Site version 1.0,...
PT-2024-30257 · Unknown · Tosei Online Store Management System
Name of the Vulnerable Software and Affected Versions: TOSEI online store management system versions v4.02 through v4.04 Description: An issue in the downloader.php component allows attackers to execute a directory traversal. Recommendations: For versions v4.02 through v4.04, consider disabling t...
PT-2024-30107 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: xxl-job version 2.4.1 Description: The issue allows a remote attacker to execute arbitrary code via the Sub-Task ID component due to insecure permissions. Recommendations: For xxl-job version 2.4.1, consider disabling the Sub-Task ID componen...
PT-2024-22552 · Koha Ils · Koha Ils
Name of the Vulnerable Software and Affected Versions: Koha ILS versions 23.05 and earlier Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the additonal-contents.pl component. Recommendations: For versions 23.05 and earlier, consider disabling acces...
PT-2024-28911 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue concerns an arbitrary file upload vulnerability in the /admin/cmsWebFile/save component, allowing attackers to execute arbitrary code by uploading a crafted file. Recommendations: For...
PT-2024-37440 · Unknown · Ez-Suite Ez-Partner
Name of the Vulnerable Software and Affected Versions: EZ-Suite EZ-Partner version 5 Description: A vulnerability has been found in the Forgot Password Handler component, leading to basic cross site scripting. The manipulation can be launched remotely. The vendor was contacted about this disclosu...
PT-2024-27110 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is a Cross-Site Request Forgery CSRF that affects the component "/admin/idcProType deal.php?mudi=add&nohrefStr=close". This allows for unauthorized requests to be made on behalf of the user...
PT-2024-27114 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "admin/vpsClass deal.php?mudi=del". This issue allows for unauthorized requests to be made on behalf of the user. Recommendations: For...
PT-2024-25161 · Realtek Semiconductor · Realtek High Definition Audio Function Driver
Name of the Vulnerable Software and Affected Versions: Realtekr High Definition Audio Function Driver version 6.0.9549.1 Description: An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtekr High Definition Audio Function Driver allows attackers to escalate privileges and...
PT-2024-25190 · Unknown · Library System
Name of the Vulnerable Software and Affected Versions: Library System version V1.0 Description: An issue in the Library System allows a remote attacker to execute arbitrary code via the FAILE variable in the student edit photo.php component. Recommendations: For Library System version V1.0,...
PT-2024-20077 · Quest · Quest Kace Agent For Windows
Name of the Vulnerable Software and Affected Versions: Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0 Description: An issue exists in the KSchedulerSvc.exe component, allowing local attackers to delete any file of their choice with NT AuthoritySYSTEM privileges. This is due to an...
PT-2024-25265 · Hisiphp · Hisiphp
Name of the Vulnerable Software and Affected Versions: hisiphp version 2.0.111 Description: An issue in hisiphp allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Recommendations: For hisiphp version...
PT-2024-19656 · Unknown · Jgrapht Core
Name of the Vulnerable Software and Affected Versions: JGraphT Core version 1.5.2 Description: A NullPointerException was discovered in JGraphT Core via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compareDouble, Double. However, the existence of this issue is disputed by multipl...
PT-2024-23670 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "render-document.php" component. This enables the attacker to perform unauthorized actions on the affected...
PT-2024-24026 · Francoisjacquet · Rosariosis
Name of the Vulnerable Software and Affected Versions: francoisjacquet RosarioSIS version 11.5.1 Description: A disputed issue affects the Add Portal Note component, leading to cross-site scripting. The attack can be initiated remotely. The vendor notes that the PDF is opened by the browser app i...
PT-2024-22961 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was discovered in DedeCMS, specifically via the component /src/dede/makehtml homepage.php, allowing a remote attacker to execute arbitrary code. Recommendations: For...
PT-2024-19579 · Timo · Timo
Name of the Vulnerable Software and Affected Versions: Timo version 2.0.3 Description: The issue allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Recommendations: For Timo version 2.0.3, consider disabling the...
PT-2024-20423 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "edit-photo.php" component. This is due to an Unrestricted File Upload vulnerability. Recommendations: For Employee...
PT-2024-13444 · Imou Go · Imou Go
Name of the Vulnerable Software and Affected Versions: IMOU GO version 1.0.11 Description: An issue in the com.oneed.dvr.service.DownloadFirmwareService component allows attackers to force the download of arbitrary files. Recommendations: For IMOU GO version 1.0.11, consider disabling the...