925 matches found
UBUNTU-CVE-2024-8926
Bypass of CVE-2024-4577, Parameter Injection Vulnerability...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp cgi.forceredirect configuration is bypassable due to the environment variable collision. CVE-2024-9026: FPM: Fixed bug...
Perforce Helix Core 安全漏洞
Perforce Helix Core is a scalable and secure version control system from Perforce. A security vulnerability exists in Perforce Helix Core prior to version 2024.1 Patch 2, which stems from the best fit parameter containing a parameter injection vulnerability...
ABB Cylon Aspect 3.07.00 Remote Code Execution
ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...
CVE-2024-29731
CVE-2024-29731 corresponds to a SQL injection vulnerability in SportsNET 4.0.1. The issue affects the vulnerable API endpoint /app/ax/checkBlindFields/ and can be exploited via crafted input in the parameters idChallenge and idEmpresa to retrieve, update, or delete all database information. Multi...
Hitachi Energy MicroSCADA X SYS600 参数注入漏洞
Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. The Hitachi Energy MicroSCADA X SYS600 suffers from a paramet...
Mini Inventory and Sales Management System 安全漏洞
Mini Inventory and Sales Management System is a small inventory and sales management system written in PHP CodeIgniter framework that supports MySQL and Sqlite3 databases. A security vulnerability exists in Mini Inventory and Sales Management System. An attacker can exploit this vulnerability to...
PT-2024-38702 · Unknown · Itsourcecode Project Expense Monitoring System
Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical vulnerability was found in the itsourcecode Project Expense Monitoring System. This issue affects the file printtransfer.php and is related to the manipulation...
CVE-2024-7808
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
Mitel 6800 Series、6900 Series和6900w Series 安全漏洞
Mitel 6800 Series and others are a series of phones from Mitel Canada. A security vulnerability exists in the Mitel 6800 Series, 6900 Series, and 6900w Series that stems from an insufficient parameter cleanup vulnerability that allows an attacker to conduct a parameter injection attack, which cou...
Mitel多款产品 安全漏洞
Mitel 6800 Series and others are a series of phones from Mitel Canada. A security vulnerability exists in various Mitel products that stems from insufficient parameter cleanup during the SIP Phones startup process, which allows an authenticated attacker with administrative privileges to conduct a...
Parameter Injection
zend-mail is vulnerable to Parameter Injection. The vulnerability is due to unsanitized additional quote characters within an address in the file Sendmail.php, which allows an attacker to inject arbitrary parameters to the system sendmail program...
Gogs Security Breach
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0 and earlier...
Gogs Security Breach
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0 and earlier...
Gogs Security Breach
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...
Parameter Injection
zendframework/zendframework is vulnerable to Parameter Injection. The vulnerability is due to the way Zend\Mvc\Router\Http\Query captures any query parameters into the RouteMatch, allowing these parameters to override already captured routing parameters and bypass constraints defined in parent...
Pandora Security Breach
Pandora is an analytics framework for discovering if a file is suspicious and displaying the results conveniently. A security vulnerability exists in Pandora FMS versions 700 through prior to 777 that stems from the presence of a parameter injection that allows an unauthenticated attacker to...
GHSA-JQ87-2WXP-8349 ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
In Zend Framework 2, Zend\Mvc\Router\Http\Query is used primarily to allow appending query strings to URLs when assembled. However, due to the fact that it captures any query parameters into the RouteMatch, and the fact that RouteMatch parameters are merged with any parent routes, this can lead t...
RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Unsafe deserialization due to incomplete black list incomplete fix for CVE-2017-15095...
CVE-2024-4385
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...