PT-2024-2053 · IBM · IBM Engineering Requirements Management DOORS
Name of the Vulnerable Software and Affected Versions: IBM Engineering Requirements Management versions 9.7.2.7 Description: The issue exists due to insufficient protection of the web page structure, allowing a remote attacker to exploit it and potentially disclose protected information. This...
PT-2024-13730 · Ellucian · Ellucian Banner
Name of the Vulnerable Software and Affected Versions: Ellucian Banner version 9.17 Description: The issue allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint. This means an attacker could potentially access...
PT-2024-20072 · Samsung · Samsung Magician
Name of the Vulnerable Software and Affected Versions: Samsung Magician PC Software version 8.0.0 Description: The issue is related to improper privilege control for a named pipe, allowing a local attacker to read privileged data. This could potentially lead to unauthorized access to sensitive...
PT-2024-1372 · Tenda · Tenda AC10
Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.49 multi TDE01 Description: The issue is related to a buffer overflow vulnerability in the fromAddressNat function of the Tenda AC10U router's firmware. This vulnerability can be exploited remotely, potentially...
PT-2024-1439 · Unknown · SystemK NVR
Name of the Vulnerable Software and Affected Versions: SystemK NVR versions 2.3.5SK.30084998 and prior Description: The issue is related to a command injection vulnerability in the dynamic domain name system (DDNS) settings. This vulnerability could allow an attacker to execute arbitrary commands...
PT-2024-13165 · Line · Ailand Clinic Mini-App
Name of the Vulnerable Software and Affected Versions: Ailand clinic mini-app on Line version 13.6.1 Description: An issue in the Ailand clinic mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to...
PT-2024-14328 · Yonyou · YonBIP
Name of the Vulnerable Software and Affected Versions: YonBIP version 3 23.05 Description: A SQL injection issue was discovered in YonBIP via the runScript method of the com.yonyou.hrcloud.attend.web.AttendScriptController class. This allows for potential exploitation. Recommendations: For YonBIP...
PT-2024-1253 · TOTOLINK · TOTOLINK LR1200GB
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue has been identified, affecting the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ip argument leads to a stack-based buffer...
PT-2024-11897 · Unknown · Qkmc-Rk Redbbs
Name of the Vulnerable Software and Affected Versions: qkmc-rk redbbs version 1.0 Description: A problematic issue was found in the Nickname Handler component, leading to cross-site scripting. The attack can be launched remotely. Recommendations: For qkmc-rk redbbs version 1.0, consider disabling...
PT-2023-13730 · Nokia · Nokia NFM-T
Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An OS Command Injection issue occurs in the /cgi-bin/R19.9/log.pl endpoint of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands with root privileges...
PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search
Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search (aka website search blog) versions 13.0 through 13.0.1.0.1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...
PT-2023-31322 · Unknown · SpeedyCache
Name of the Vulnerable Software and Affected Versions: SpeedyCache – Cache, Optimization, Performance versions n/a through 1.1.2 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This type of vulnerability allows an attacker to trick the server into making...
PT-2023-31191 · JFinalCMS · JFinalCMS
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in JFinalCMS. The vulnerability can be exploited via the /admin/tag/update API endpoint. Recommendations: For JFinalCMS version 5.0.0, consider...
PT-2023-30999 · Jupiter · Jupiterx
Name of the Vulnerable Software and Affected Versions: Jupiter version 1.3.1 Description: A deserialization vulnerability allows attackers to execute arbitrary commands via sending a crafted RPC request. Recommendations: For Jupiter version 1.3.1, consider disabling the deserialization...
PT-2023-29038 · EMSigner · EMSigner
Name of the Vulnerable Software and Affected Versions: EMSigner version 2.8.7 Description: The issue is related to incorrect access control in the AdHoc User creation form, allowing unauthenticated attackers to modify usernames and privileges using the email address of a registered user...
Input validation
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...
PT-2023-26629 · Unknown · Tire-Sales Line
Name of the Vulnerable Software and Affected Versions: tire-sales Line version 13.6.1 Description: An issue in the software allows a remote attacker to obtain sensitive information via a crafted GET request. Recommendations: For version 13.6.1, consider restricting access to sensitive information...
PT-2023-25752 · TOTOLINK · TOTOLINK CP300+
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ version 5.2cu.7594 B20200910 Description: A stack overflow issue was discovered via the pingIp parameter in the setDiagnosisCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK CP300+ version...
PT-2023-29032 · Netis · Netis N3Mv2
Name of the Vulnerable Software and Affected Versions: Netis N3Mv2 version 1.0.1.865 Description: A command injection issue was discovered in the Wake-On-LAN (WoL) function via the wakeup mac parameter. This issue can be exploited using a crafted payload. Recommendations: For Netis N3Mv2 version...
PT-2023-28739 · YZNCMS · YZNCMS
Name of the Vulnerable Software and Affected Versions: YZNCMS version 1.3.0 Description: A stored cross-site scripting (XSS) issue in the cms/content/edit component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. This enables...