119 matches found
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Dee...
Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97252)
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS due t...
CVE-2023-34391 Insecure Inherited Permissions
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A Cybersecurity tag dated 20230522 for more details. This issue affects...
GHSA-5946-8P38-VFFP Apache Airflow Improper Input Validation vulnerability
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVE-2023-22888
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
MAL-2023-2320 Malicious code in tkcaleendar (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8ab410b220be583d348a263f180ddcaa0b9794fc3995fdd3fb2ddf55b2235fa9 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2321 Malicious code in tkcalenadr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7cf03379278d5958cb3faa876beea8f932ec37224f21479165c81786494fec4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1930 Malicious code in opepyxl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 710fd696d07dc5bcc41cf801dcdaf3ef949e2c20e05e3e3f508b0a7bec644cc4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2290 Malicious code in ssolana (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b4ea13928d62f924413b7a31047699e4fd799255f702cf6bd50c2701b2f31b1b Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1660 Malicious code in bitcoinli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0e186eefad42a87c5451039d0b8f5c6552f86f3ef1707a6c88cde28b994ad26a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1699 Malicious code in crptofeed (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 793d4363e6ceb58df1dd2d6a6a3bc75200fffa52391745347aac316139cde11c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Governance manipulation through signatures
Lines of code Vulnerability details Impact The impact is critical because it enables anyone to submit as many signatures as they want manipulating the governance. The probe relies that in the delegateBySig function, the nonce it is not checked upon msg.sender, it is checked upon the output for th...
Stealing liquidity provider's fund by manipulating the reserve
Lines of code Vulnerability details Impact An attacker can steal liquidity provider's fund by manipulating the reserve. During adding a liquidity, the amount of lpToken to be minted will be calculated in the function addQuote. function addQuoteuint256 baseTokenAmount, uint256 fractionalTokenAmoun...
PT-2022-25409 ยท Unknown ยท Hostel Searching Project
Name of the Vulnerable Software and Affected Versions: Hostel Searching Project affected versions not specified Description: A critical issue has been found in the Hostel Searching Project, affecting the file view-property.php. The manipulation of the property id argument leads to SQL injection...
CVE-2022-34652
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...
Sql injection
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...