864 matches found

NVD
added 2024/06/20 2:15 p.m. | 9 views

CVE-2024-6188

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

CVSS: 6.9 | EPSS: 0.32325
Exploits: 0 | References: 4

Cvelist
added 2024/06/20 1:31 p.m. | 21 views

CVE-2024-6188 Parsec Automation TrackSYS pagedefinition direct request

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

CVSS: 6.9 | EPSS: 0.32325
Exploits: 0 | References: 4

CVE
added 2024/06/20 11:0 a.m. | 52 views

CVE-2024-6182

CVE-2024-6182 affects LabVantage LIMS 2017. The vulnerability is a cross-site scripting flaw in the file path /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y, caused by manipulation of the sdcid/keyid1 parameter. It can be exploited remotely; exploitation is disclosed publ...

CVSS: 5.4 | AI score: 3.9 | EPSS: 0.00174
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/06/18 9:0 p.m. | 55 views

CVE-2024-6128

Spa-Cartcms (spa-cartcms) v1.9.0.6 Checkout Page has a vulnerability in the /checkout processing where manipulating the quantity argument with -10 enforces a behavioral workflow. The issue is remotely triggerable and publicly disclosed. The PT-2024-37404 entry provides concrete details and recomm...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.00137
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/06/18 9:0 p.m. | 14 views

CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...

CVSS: 6.9 | EPSS: 0.00137
Exploits: 1 | References: 4

NVD
added 2024/06/10 9:15 p.m. | 29 views

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app terminati...

CVSS: 7.8 | EPSS: 0.00074
Exploits: 0 | References: 22

OSV
added 2024/06/10 9:15 p.m. | 3 views

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app terminati...

CVSS: 7.8 | AI score: 6
Exploits: 0 | References: 15

Vulnrichment
added 2024/06/10 8:56 p.m. | 15 views

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app terminati...

AI score: 7.3 | EPSS: 0.00074
Exploits: 0 | References: 7

Apple
added 2024/06/10 12:0 a.m. | 40 views

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

CVSS: 9.1 | AI score: 9.1 | EPSS: 0.24649
Exploits: 2 | References: 1 | Affected Software: 1

UbuntuCve
added 2024/05/28 2:15 p.m. | 15 views

CVE-2024-24685

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the parsing of commen...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.06624
Exploits: 0 | References: 2

CVE
added 2024/05/27 12:0 a.m. | 32 views

CVE-2024-5385

CVE-2024-5385 affects oretnom23 Online Car Wash Booking System 1.0. A cross-site scripting flaw exists in the /admin/?page=user/list endpoint triggered by manipulating the First Name/Last Name field with a script payload. The issue is exploitable remotely and involves user interaction. Documented...

CVSS: 5.1 | AI score: 3.4 | EPSS: 0.0006
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/05/26 10:0 p.m. | 14 views

CVE-2024-5379 JFinalCMS template cross site scripting

A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS: 5.3 | AI score: 3.7 | EPSS: 0.00955
Exploits: 1 | References: 3

CVE
added 2024/05/26 7:0 p.m. | 57 views

CVE-2024-5373

CVE-2024-5373 affects Kashipara College Management System 1.0. The issue is a cross-site scripting vulnerability in submit_login.php where manipulation of the argument usertype enables XSS. The attack is potentially remote, and the exploit has been disclosed publicly. Connected sources consistent...

CVSS: 6.1 | AI score: 3.7 | EPSS: 0.00127
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/05/26 11:0 a.m. | 47 views

CVE-2024-5361

CVE-2024-5361 refers to a SQL injection vulnerability in PHPGurukul Zoo Management System 2.1, specifically in the file /admin/normal-bwdates-reports-details.php where the parameter fromdate can be manipulated to trigger database injection. Several connected records corroborate remote exploitatio...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00073
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/05/25 3:0 p.m. | 11 views

CVE-2024-5337 Ruijie RG-UAC user_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sysuser/usercommit.php. The manipulation of the argument email2/username leads to os command injection. The attack may be initiated...

CVSS: 5.8 | AI score: 7.3 | EPSS: 0.00137
Exploits: 0 | References: 4

NVD
added 2024/05/23 7:15 a.m. | 8 views

CVE-2024-5240

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unreadmsg.php. The manipulation of the argument myindex leads to sql injection. The attack may be initiated remotely. The...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00213
Exploits: 1 | References: 4

NVD
added 2024/05/20 12:15 a.m. | 7 views

CVE-2024-5107

A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentpaymentdetails2.php. The manipulation of the argument index leads to sql injection. The attack may be...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00157
Exploits: 1 | References: 4

BDU FSTEC
added 2024/05/17 12:0 a.m. | 1 views

The vulnerability of the command-line interface of FortiOS operating systems allows a hacker to execute arbitrary code by sending specially crafted requests.

The vulnerability of the command-line interface of FortiOS operating systems is related to the use of uncontrolled format lines when processing binary files. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted requests...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00083
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/05/15 9:0 p.m. | 13 views

GHSA-M9FV-WHQ2-6WMC Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library Archive_Tar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

CVSS: 8.1 | AI score: 7.5
Exploits: 0 | References: 3

Github Security Blog
added 2024/05/15 8:45 p.m. | 10 views

Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library Archive_Tar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

AI score: 7.5
Exploits: 0 | References: 3 | Affected Software: 1