864 matches found
CVE-2024-8342
CVE-2024-8342 affects SourceCodester Petshop Management System 1.0. The vulnerability is in the /controllers/add_client.php handler, where manipulation of the image_profile parameter enables unrestricted file upload. This may allow remote attackers to upload arbitrary files, potentially leading t...
CVE-2024-43700
CVE-2024-43700 concerns xfpt with versions prior to 1.01, where improper handling of input data can cause a stack-based buffer overflow, allowing arbitrary code execution when a crafted file is opened. The issue is repeatedly documented across Linux distributions and advisories: Debian DLA-3977-1...
CVE-2024-8112 thinkgem JeeSite Cookie login cross site scripting
A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. T...
CVE-2024-8022 Genexis Tilgin Home Gateway cross site scripting
A vulnerability was found in Genexis Tilgin Home Gateway 322AS0500-03051305. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/voodview.cgi?lang=EN&act=user/specconf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The...
CVE-2024-7925
CVE-2024-7925 (ZZCMS 2023) affects the component handling file 3/E_bak5.1/upload/eginfo.php. The issue arises from manipulating the phome argument with the input ShowPHPInfo, which leads to information disclosure. The vulnerability supports remote exploitation (attack vector: network). The availa...
CVE-2024-7754
SourceCodester Clinics Patient Management System 1.0 contains a SQL injection vulnerability in /ajax/check_medicine_name.php via the user_name parameter. The issue is remote-exploitable and has been publicly disclosed. Several sources (including PT Security and other CVE aggregations) corroborate...
CVE-2024-42238
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file. Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop whi...
CVE-2024-42238
CVE-2024-42238 : In the Linux kernel, the vulnerability in firmware CS_DSP handling was resolved. The issue allowed processing to overrun when a block header exceeded remaining data, due to prior behavior in cs_dsp_load()/cs_dsp_load_coeff() which would loop until enough data remained instead of ...
CVE-2024-42238 firmware: cs_dsp: Return error if block header overflows file
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file. Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop whi...
CVE-2024-7458
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversa...
CVE-2024-7362
A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0. This issue affects some unknown processing of the file /manageuser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely...
CVE-2024-40799
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may...
CVE-2024-7159
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been rated as critical. This issue affects some unknown processing of the file /webcste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been...
Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MOV...
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...
CVE-2024-6941
A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument sitetitle/sitesubtitle/sitekey/sitedesc/siteurl/siteemail/siteicp leads to cross site scriptin...
CVE-2024-6941
ThinkSAAS 3.7.0 is affected by a cross-site scripting vulnerability in the processing of app/system/action/do.php. The issue arises from manipulating arguments site_title, site_subtitle, site_key, site_desc, site_url, site_email, and site_icp, enabling potential remote exploitation. The PT-Securi...
The vulnerability in the firmware of the industrial cellular LTE modem OnCell G3470A-LTE arises from the use of uncontrolled format strings when processing binary files. This allows a hacker to trigger a service failure.
The vulnerability in the firmware of the industrial cellular LTE modem OnCell G3470A-LTE is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
CVE-2024-6439
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated...
ClamAV VirusEvent File Processing Command Injection Vulnerability
...