
6667 matches found

CVE
added 2024/08/26 3:0 p.m. · 51 views

CVE-2024-8168

The CVE-2024-8168 issue affects code-projects Online Bus Reservation Site 1.0, specifically a SQL injection in the login.php file via the Username parameter. The vulnerability is exploitable remotely and has been disclosed publicly. Multiple connected sources (Red Hat, NVD, CVE list, CNVD/CNNVD, ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00073
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/08/26 12:0 a.m. · 2 views

PT-2024-38739 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The issue was initially considered but further investigation showed it does not pose a security risk as it falls within the expected functionality and security controls of th...

AI score 7
Exploits: 0 · References: 2

0day.today
added 2024/08/24 12:0 a.m. · 142 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config Vulnerability

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and...

AI score 7.4
Exploits: 0

Cvelist
added 2024/08/21 9:17 p.m. · 37 views

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data...

CVSS 9.1 · EPSS 0.9429
Exploits: 5 · References: 2

Vulnrichment
added 2024/08/21 9:17 p.m. · 29 views

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data...

CVSS 9.1 · AI score 7.1 · EPSS 0.9429
Exploits: 5 · References: 2

CVE
added 2024/08/21 9:17 p.m. · 262 views

CVE-2024-28987

SolarWinds Web Help Desk (WHD) is affected by a hardcoded credential vulnerability that allows remote, unauthenticated access to internal functionality and data modification. Affected versions are WHD

CVSS 9.1 · AI score 9.3 · EPSS 0.9429
In wild · Exploits: 5 · References: 4 · Affected Software: 1

NVD
added 2024/08/19 6:15 p.m. · 11 views

CVE-2024-43247

Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WHMpress: from n/a through 6.2-revision-5...

CVSS 8.8 · EPSS 0.00409
Exploits: 0 · References: 1

CVE
added 2024/08/19 5:21 p.m. · 49 views

CVE-2024-43250

CVE-2024-43250 concerns Bit Form Pro (WordPress plugin). Connected sources confirm an Incorrect Authorization vulnerability in Bit Form Pro, affecting versions up to 2.6.4, enabling Missing Authorization to update settings for Subscriber+ accounts. Root cause: ACL-related permission checks not pr...

CVSS 7.1 · AI score 7 · EPSS 0.00126
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/08/18 7:0 a.m. · 18 views

CVE-2024-7903 DedeBIZ File Extension media_add.php unrestricted upload

A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...

CVSS 6.5 · AI score 7 · EPSS 0.0015
Exploits: 1 · References: 4

UbuntuCve
added 2024/08/17 10:15 a.m. · 20 views

CVE-2024-43825

In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table. The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When...

CVSS 7.8 · AI score 6.3 · EPSS 0.00019
Exploits: 0 · References: 10

Cvelist
added 2024/08/17 9:21 a.m. · 16 views

CVE-2024-43825 iio: Fix the sorting functionality in iio_gts_build_avail_time_table

In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table. The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When...

EPSS 0.00019
Exploits: 0 · References: 3

Vulnrichment
added 2024/08/17 9:21 a.m. · 14 views

CVE-2024-43825 iio: Fix the sorting functionality in iio_gts_build_avail_time_table

In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table. The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When...

AI score 6.8 · EPSS 0.00019
Exploits: 0 · References: 3

NVD
added 2024/08/13 10:15 a.m. · 12 views

CVE-2024-38688

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

Vulnrichment
added 2024/08/12 2:50 p.m. · 46 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

CVSS 9.8 · AI score 9.4 · EPSS 0.00762
Exploits: 1 · References: 2

CVE
added 2024/08/12 12:0 a.m. · 66 views

CVE-2024-41651

The connected sources show a vulnerability in Prestashop up to version 8.1.7 where arbitrary code execution is possible via the module upgrade feature. The exploit is described as requiring the ability to hijack network requests made by an admin user, a condition that is disputed by some parties....

CVSS 9.8 · AI score 8.3 · EPSS 0.32325
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/08/12 12:0 a.m. · 13 views

CVE-2024-41651

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user who, by...

EPSS 0.32325
Exploits: 1 · References: 1

Cvelist
added 2024/08/08 2:55 p.m. · 19 views

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

CVSS 7.3 · EPSS 0.00817
Exploits: 0 · References: 5

OSV
added 2024/08/08 2:55 p.m. · 10 views

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

CVSS 7.3 · AI score 6.8 · EPSS 0.00817
Exploits: 0 · References: 7

NVD
added 2024/08/08 10:15 a.m. · 19 views

CVE-2024-42035

Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality...

CVSS 8.4 · EPSS 0.00053
Exploits: 0 · References: 1

CVE
added 2024/08/08 9:26 a.m. · 55 views

CVE-2024-42035

CVE-2024-42035 concerns a permission control vulnerability in the App Multiplier module. The NVD entry lists a HIGH impact across confidentiality, integrity, and availability with LOCAL attack vector, LOW complexity, and no user interaction required, while Huawei/CNA data cite the same issue with...

CVSS 8.4 · AI score 7 · EPSS 0.00053
Exploits: 0 · References: 1 · Affected Software: 2