CVE-2024-47407

CVE-2024-47407 concerns mySCADA myPRO Manager, where a parameter in a command fails input validation, enabling an unauthenticated remote attacker to inject arbitrary OS commands. Connected sources confirm this is an unauthenticated command-injection vulnerability affecting MyPRO Manager versions ...

kernel: drm/amdgpu: validate the parameters of bo mapping operations more clearly

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpuvmbomap/replacemap/clearingmappings in one common place...

PT-2024-34407 · Sourcecodester · Sourcecodester Survey Application System

Name of the Vulnerable Software and Affected Versions: SourceCodester Survey Application System version 1.0 Description: The issue is related to SQL Injection in the takeSurvey.php file via the id parameter. This allows for potential exploitation. Recommendations: For SourceCodester Survey...

CVE-2024-20532

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVE-2024-20527

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

PT-2024-18675 · Cisco · Cisco Ise

Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. This...

CVE-2024-10653

CVE-2024-10653 affects CHANGING Information Technology IDExpert. The root cause is improper validation of a parameter in the administrator interface, enabling remote attackers with administrative privileges to inject and execute OS commands on the server. Affected versions include IDExpert up to ...

CVE-2024-10652

CVE-2024-10652 affects CHANGING Information Technology’s IDExpert product. The vulnerability arises from improper validation of a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript by performing a Reflected XSS. Affected versions are referenced ...

CVE-2024-10651

CVE-2024-10651 concerns IDExpert by CHANGING Information Technology, where the administrator interface fails to properly validate a specific parameter. The underlying issue allows remote attackers who have administrator privileges to read arbitrary system files, per the CVE description and multip...

CHANGING IDExpert 安全漏洞

CHANGING IDExpert is an authentication system based on zero trust and integrating various mechanisms such as FIDO, biometrics, MFA, etc. from China-based CHANGING. A security vulnerability exists in CHANGING IDExpert versions 2.5 to 2.8, which originates from incorrectly validating specific...

CHANGING IDExpert 跨站脚本漏洞

CHANGING IDExpert is an authentication system based on zero trust and integrating various mechanisms such as FIDO, biometrics, MFA, etc. from China-based CHANGING. A cross-site scripting vulnerability exists in CHANGING IDExpert versions 2.5 through 2.8, which originates from incorrectly validati...

PT-2024-16431 · Changing Information Technology · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert from CHANGING Information Technology affected versions not specified Description: The issue is related to improper validation of a parameter for a specific functionality in IDExpert, allowing unauthenticated remote attackers to injec...

VulnCheck KEV: CVE-2023-20263

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

CVE-2024-9983

Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...

FormosaSoft ee-class 安全漏洞

FormosaSoft ee-class is a recording software from China-based FormosaSoft. A security vulnerability exists in versions prior to FormosaSoft ee-class 20240326.13r14494, which stems from failure to properly validate certain page parameters, which could allow a remote attacker with regular privilege...

Ragic Enterprise Cloud Database 安全漏洞

Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate specific page parameters, allowing an unauthenticated, remote...

CVE-2024-9923

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them...

TEAMPLUS Team+ 安全漏洞

TEAMPLUS Team+ is an enterprise private cloud communication and collaboration platform from China Interactive Ares TEAMPLUS. A security vulnerability exists in TEAMPLUS Team+ that stems from incorrect validation of specific page parameters, which allows a remote attacker with administrator...

TEAMPLUS Team+ 安全漏洞

TEAMPLUS Team+ is an enterprise private cloud communication and collaboration platform from China Interactive Ares TEAMPLUS. A security vulnerability exists in TEAMPLUS Team+ that originates from incorrectly validating specific page parameters, which allows an unauthenticated, remote attacker to...

PT-2024-39937 · Teamplus Technology · Team+

Name of the Vulnerable Software and Affected Versions: Team+ versions affected versions not specified Description: The issue is related to the improper validation of a specific page parameter in Team+ by TEAMPLUS TECHNOLOGY, allowing unauthenticated remote attackers to read arbitrary system files...