335 matches found

OSV
added 2024/08/20 4:15 a.m. · 3 views

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

4.8 CVSS · 5.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/08/19 12:0 a.m. · 4 views

PT-2024-38571 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function. This allows authenticated attackers with...

5.5 CVSS · 6.7 AI score · 0.00246 EPSS
Exploits 0 · References 9
NVD
added 2024/07/09 12:15 p.m. · 11 views

CVE-2024-39571

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 HF1. Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP...

8.8 CVSS · 0.01548 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/06/17 12:0 a.m. · 2 views

The vulnerability of the l2cap_le_flowctl_init() function in the Linux kernel’s Bluetooth protocol implementation allows an attacker to cause a service failure.

The vulnerability of the l2cap_le_flowctl_init() function in the net/bluetooth/l2cap_core.c module of the Linux operating system’s Bluetooth kernel implementation is related to the lack of input data validation. Exploiting this vulnerability could allow a remote attacker to cause service failures...

6.5 CVSS · 6.5 AI score · 0.00018 EPSS
Exploits 0 · References 11 · Affected Software 2
NVD
added 2024/06/04 8:15 a.m. · 13 views

CVE-2024-5421

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection. This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below...

8.7 CVSS · 6.6 AI score · 0.18945 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/06/04 7:58 a.m. · 11 views

CVE-2024-5421 Authenticated Command Injection

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection. This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below...

8.7 CVSS · 7 AI score · 0.18945 EPSS
Exploits 1 · References 2
OSV
added 2024/05/28 11:15 a.m. · 0 views

CVE-2024-5410

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
Cvelist
added 2024/05/28 10:28 a.m. · 16 views

CVE-2024-5411 Command Injection

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection. This issue affects IAP-420 version 2.01e and below...

8.7 CVSS · 6.6 AI score · 0.27226 EPSS
Exploits 3 · References 2
CNNVD
added 2024/05/23 12:0 a.m. · 4 views

J2EEFAST Security Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 has a SQL injection vulnerability, which stems from the SysOperLogMapper.xml findPage...

6.3 CVSS · 8.2 AI score · 0.00076 EPSS
Exploits 0 · References 4
Veracode
added 2024/05/15 6:41 a.m. · 10 views

Command Injection

github.com/cea-hpc/sshproxy is vulnerable to Command Injection. The vulnerability is due to missing input sanitization when constructing the ssh command string, which allows an authorized user to inject options into the ssh command executed by sshproxy...

3.5 CVSS · 7.2 AI score · 0.00353 EPSS
Exploits 0 · References 4 · Affected Software 1
GithubExploit
added 2024/05/08 5:41 a.m. · 302 views

Exploit for Command Injection in Tp-Link Archer_Ax21_Firmware

ntps nuclei templates headless bing-searchheadless...

9.8 CVSS · 7.8 AI score · 0.94425 EPSS
Exploits 35
CNNVD
added 2024/05/07 12:0 a.m. · 1 views

J2EEFAST Security Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 has a SQL injection vulnerability, which stems from the authRoleList function in the...

8.8 CVSS · 8.2 AI score · 0.0016 EPSS
Exploits 0 · References 2
CNNVD
added 2024/04/12 12:0 a.m. · 3 views

PHPGurukul Small CRM SQL Injection Vulnerability

Small CRM is a customer relationship management system. A SQL injection vulnerability exists in Small CRM, which stems from a lack of validation of externally-entered SQL statements in the change password handler. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

8.8 CVSS · 8.3 AI score · 0.06219 EPSS
Exploits 1 · References 5
OpenVAS
added 2024/03/04 12:0 a.m. · 22 views

openSUSE: Security Advisory for freerdp (SUSE-SU-2023:0399-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.7 CVSS · 6 AI score · 0.00293 EPSS
Exploits 0 · References 2
OSV
added 2024/02/05 4:15 p.m. · 1 views

CVE-2023-47355

The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz ROOT Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validati...

7.5 CVSS · 5.8 AI score · 0.00253 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/02/05 12:0 a.m. · 2 views

CVE-2023-47355

The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz ROOT Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validati...

7.6 AI score · 0.00253 EPSS
Exploits 1 · References 2
CNNVD
added 2024/02/02 12:0 a.m. · 2 views

QNAP Multiple Products Security Breach

QNAP Systems QTS is an operating system used by China Weilian Technology QNAP Systems for entry to mid-level QNAP NAS. A security vulnerability exists in multiple QNAP products that stems from a buffer copy vulnerability that does not check the input size. The vulnerability could allow an...

7.2 CVSS · 7.3 AI score · 0.00081 EPSS
Exploits 0 · References 2
GithubExploit
added 2024/01/14 6:30 p.m. · 68 views

Exploit for Improper Authentication in Ivanti Connect_Secure

CVE-2023-46805 Scanner CVE-2023-46805 Scanner for possible...

9.1 CVSS · 7.7 AI score · 0.94412 EPSS
Exploits 23
OpenVAS
added 2023/12/04 12:0 a.m. · 15 views

Debian: Security Advisory (DSA-5571-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.9 CVSS · 5.2 AI score · 0.00315 EPSS
Exploits 0 · References 4
OSV
added 2023/11/07 10:15 p.m. · 3 views

CVE-2023-46800

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 2