Lucene search

4510 matches found

Prion
added 2024/02/09 11:15 p.m. · 26 views

Hardcoded credentials

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS 4.3 · AI score 7.2 · EPSS 0.00231
Exploits 0 · References 2 · Affected software 1

OSV
added 2024/02/09 3:20 p.m. · 2 views

GHSA-22R3-9W55-CJ54 Pkg Local Privilege Escalation

Impact: Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory; they are predictable. An attacker who has...

CVSS 6.6 · AI score 7 · EPSS 0.00231
Exploits 0 · References 4

Github Security Blog
added 2024/02/09 3:20 p.m. · 38 views

Pkg Local Privilege Escalation

Impact: Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory; they are predictable. An attacker who has...

CVSS 7.8 · AI score 7 · EPSS 0.00231
Exploits 0 · References 4 · Affected software 1

Positive Technologies
added 2024/02/09 12:00 a.m. · 4 views

PT-2024-20873 · Code Projects · Code-Projects Simple School Managment System

Name of the Vulnerable Software and Affected Versions: Code-projects Simple School Managment System version 1.0 Description: The issue allows SQL Injection via the apass parameter at the "School/index.php" endpoint. This could potentially lead to unauthorized access to sensitive data...

CVSS 8.8 · AI score 8.8 · EPSS 0.00706
Exploits 1 · References 6

Positive Technologies
added 2024/02/09 12:00 a.m. · 2 views

PT-2024-19458 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can ...

AI score 7.8
Exploits 0 · References 1

Positive Technologies
added 2024/02/09 12:00 a.m. · 3 views

PT-2024-20594 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg affected versions not specified Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

CVSS 7.8 · AI score 7.2 · EPSS 0.00231
Exploits 0 · References 9
Positive Technologies
added 2024/02/06 12:00 a.m. · 4 views

PT-2024-13230 · Westermo · Westermo Lynx

Name of the Vulnerable Software and Affected Versions: Westermo Lynx affected versions not specified Description: A potential attacker with access to the Westermo Lynx device could execute malicious code, affecting the device's correct functioning. Recommendations: At the moment, there is no...

CVSS 6.6 · AI score 6.3 · EPSS 0.0037
Exploits 0 · References 5

Positive Technologies
added 2024/02/06 12:00 a.m. · 6 views

PT-2024-20226 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...

CVSS 9.8 · AI score 9.2 · EPSS 0.0064
Exploits 0 · References 8

PyPA
added 2024/02/05 9:15 p.m. · 6 views

PYSEC-2024-147

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha3_64. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand; that is, it cannot be triggered from regular...

CVSS 5.3 · AI score 7 · EPSS 0.00255
Exploits 0 · References 2 · Affected software 1

OSV
added 2024/02/05 9:15 p.m. · 25 views

PYSEC-2024-147

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha3_64. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand; that is, it cannot be triggered from regular...

CVSS 5.3 · AI score 5.2 · EPSS 0.00255
Exploits 0 · References 2

Positive Technologies
added 2024/02/02 12:00 a.m. · 4 views

PT-2024-17307 · Munsoft · Munsoft Easy Outlook Express Recovery

Name of the Vulnerable Software and Affected Versions: Munsoft Easy Outlook Express Recovery version 2.0 Description: A problematic issue has been found in the Registration Key Handler component, leading to denial of service. Local access is required to exploit this issue. The exploit has been...

CVSS 5.5 · AI score 6.9 · EPSS 0.00325
Exploits 1 · References 9

Positive Technologies
added 2024/02/02 12:00 a.m. · 4 views

PT-2024-17346 · South River · South River Webdrive

Name of the Vulnerable Software and Affected Versions: South River WebDrive version 18.00.5057 Description: A vulnerability was found in the New Secure WebDAV component, which can lead to denial of service. Local access is required to carry out this attack. The exploit has been disclosed to the...

CVSS 5.5 · AI score 7 · EPSS 0.00366
Exploits 1 · References 6

Positive Technologies
added 2024/02/02 12:00 a.m. · 4 views

PT-2024-14050 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions up to and including 2024R1 Description: A stored cross-site scripting (XSS) vulnerability in the NOC component allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality...

CVSS 5.4 · AI score 5.3 · EPSS 0.01264
Exploits 0 · References 5

Positive Technologies
added 2024/02/01 12:00 a.m. · 3 views

PT-2024-19642 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: The issue allows a remote attacker to run arbitrary code via a crafted URL, exploiting a Cross Site Scripting vulnerability in the input parameter. Recommendations: For eyoucms version 1.6.5, consider...

CVSS 6.1 · AI score 6.5 · EPSS 0.00458
Exploits 1 · References 4

Positive Technologies
added 2024/02/01 12:00 a.m. · 3 views

PT-2024-19639 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: A cross-site scripting (XSS) issue exists in the is water parameter, allowing a remote attacker to execute arbitrary code via a crafted URL. This enables the attacker to potentially steal user data or take...

CVSS 6.1 · AI score 6.3 · EPSS 0.00434
Exploits 1 · References 4

Positive Technologies
added 2024/02/01 12:00 a.m. · 5 views

PT-2024-1440 · Kaspersky · Kaspersky Security 8.0 For Linux Mail Server

Name of the Vulnerable Software and Affected Versions: Kaspersky Security 8.0 for Linux Mail Server Description: The issue allows an attacker to potentially force an administrator to click on a malicious link to perform unauthorized actions. This is due to the lack of measures to neutralize speci...

CVSS 8.8 · AI score 6.2 · EPSS 0.00379
Exploits 0 · References 8

Positive Technologies
added 2024/01/31 12:00 a.m. · 3 views

PT-2024-11748 · Sparx Systems · Enterprise Architect

Name of the Vulnerable Software and Affected Versions: Enterprise Architect version 16.0.1605 Description: The issue allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box. This can be exploited by attackers to execute unauthorized SQL queries...

CVSS 9.8 · AI score 9.7 · EPSS 0.00629
Exploits 1 · References 6

Positive Technologies
added 2024/01/30 12:00 a.m. · 2 views

PT-2024-20366 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the desc parameter in the setWiFiAclRules function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...

CVSS 9.8 · AI score 9.6 · EPSS 0.01702
Exploits 1 · References 5

Positive Technologies
added 2024/01/30 12:00 a.m. · 4 views

PT-2024-19520 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.10.0 Description: A user enumeration issue was found, occurring during user authentication. This issue allows an attacker to determine if a username is valid or not through differences in error messages, enabling a...

CVSS 5.3 · AI score 7.2 · EPSS 0.00557
Exploits 1 · References 8
Positive Technologies
added 2024/01/29 12:00 a.m. · 2 views

PT-2024-1820 · Unknown · Schlix Cms

Name of the Vulnerable Software and Affected Versions: Schlix CMS version 2.2.8-1 Description: The issue is related to an arbitrary file upload vulnerability in the core.mediamanager component of Schlix CMS, which allows remote authenticated attackers to execute arbitrary code and obtain sensitiv...

CVSS 8.3 · AI score 7.3 · EPSS 0.01158
Exploits 1 · References 15