15122 matches found
CVE-2024-5335
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitcompareproducts cookie in versions up to ...
CVE-2024-7013
Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...
Dell SupportAssist for Home PCs code issue vulnerability
Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A code issue vulnerability exists in Dell SupportAssist for Home PCs version 4.0.3, which stems from the...
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-2255)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-6377
The CVE-2024-6377 entry describes an open redirect vulnerability in 3DPassport within 3DSwymer, affecting Release 3DEXPERIENCE R2022x through R2024x. The issue allows an attacker to redirect users to an arbitrary website via a crafted URL. Affected component/function is 3DPassport in 3DSwymer; ro...
CVE-2024-42563
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2024-7934
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injection. The attack can be launched remotely...
CVE-2024-42815
In the TP-Link RE365 V1180213, there is a buffer overflow vulnerability due to the lack of length verification for the USERAGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...
Exploit for Classic Buffer Overflow in Kimmov Frhed
CVE-2023-4590 - PoC of Frhed Free hex editor v1...
PT-2024-38699 · Unknown · Itsourcecode Project Expense Monitoring System
Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue has been identified, affecting an unknown functionality of the file execute.php. The manipulation of the code argument leads to sql injection. This issue...
powerpc/pseries: Fix scv instruction crash with kexec
...
CVE-2024-42676
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload.aspx?Action=DNPageAjaxPostBack component...
CVE-2024-42678
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component...
CVE-2024-42676
Huizhi enterprise resource management system v1.0 and earlier is affected by a File Upload vulnerability in the /nssys/common/Upload.aspx?Action=DNPageAjaxPostBack endpoint that allows remote code execution. The issue arises from the file upload functionality, enabling an attacker to run arbitrar...
CVE-2024-27730
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature...
Ubuntu: Security Advisory (USN-6961-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : BusyBox vulnerabilities (USN-6961-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6961-1 advisory. It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...
CVE-2022-27486
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1...
CVE-2024-36398
A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application executes a subset of its services as NT AUTHORITY\SYSTEM. This could allow a local attacker to execute operating system commands with elevated privileges...