PT-2024-34553 · Unknown · Phpgurukul Ifsc Code Finder Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul IFSC Code Finder Project version 1.0 Description: A Reflected Cross-Site Scripting (XSS) issue was found in the "/ifscfinder/admin/profile.php" API endpoint, which allows remote attackers to execute arbitrary code via the...
PT-2024-16257 · Sourcecodester · Sourcecodester Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0 Description: A critical issue has been found in the function upload of the file /guest/update.php, where the manipulation of the image argument leads to unrestricted upload. This issu...
PT-2024-33584 · WordPress · Endless Posts Navigation
Name of the Vulnerable Software and Affected Versions: Endless Posts Navigation versions n/a through 2.2.7 Description: A Cross-Site Request Forgery (CSRF) issue in Endless Posts Navigation allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed a vulnerability in Connect Secure and Policy Secure. UPDATE: PoC code is now available online for this vulnerability. An authenticated attacker with access to the admin portal of Connect Secure or Policy Secure can exploit the vulnerability to execute code remotely. Ivant...
PT-2024-39136 · WordPress · Daily Prayer Time
Name of the Vulnerable Software and Affected Versions: Daily Prayer Time plugin for WordPress versions up to, and including, 2024.08.26 Description: The issue arises from insufficient escaping on the user-supplied max word attribute of the quran verse shortcode and lack of sufficient preparation ...
PT-2024-6335 · Microsoft · Office Visio +2
Name of the Vulnerable Software and Affected Versions: Microsoft Visio, affected versions not specified; Microsoft Office, affected versions not specified; Microsoft 365 Apps for Enterprise, affected versions not specified Description: The issue is related to errors in access control, allowing an...
PT-2024-31814 · Cleanlab · Cleanlab
Name of the Vulnerable Software and Affected Versions: Cleanlab versions 2.4.0 or newer Description: The issue is related to the deserialization of untrusted data, which can occur in the Cleanlab project. This allows a maliciously crafted datalab.pkl file to run arbitrary code on an end user's...
PT-2024-31280 · Unknown · Perfex Crm
Name of the Vulnerable Software and Affected Versions: Perfex CRM version 1.1.0 Description: A stored cross-site scripting (XSS) issue in the Discussion section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. This enables attacker...
PT-2024-12602 · Loftware · Loftware Spectrum
Name of the Vulnerable Software and Affected Versions: Loftware Spectrum versions through 4.6 Description: The issue concerns an unprotected JMX Registry in Loftware Spectrum. Recommendations: For versions through 4.6, consider restricting access to the JMX Registry as a temporary mitigation...
PT-2024-31209 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO version 6.2 Description: The issue is related to Cross-Site Scripting (XSS) in the backend, allowing attackers to execute code by changing POST parameters. This enables attackers to perform code execution, potentially leading to...
PT-2024-31512 · Byob · Byob
Name of the Vulnerable Software and Affected Versions: BYOB (Build Your Own Botnet) version 2.0 Description: An arbitrary file write issue in the exfiltration endpoint allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted...
PT-2024-30047 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version v2.0 Description: A Cross-Site Request Forgery (CSRF) issue in the delete media.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version v2.0, consider...
PT-2024-30017 · Unknown · Hotel Management System
Name of the Vulnerable Software and Affected Versions: Hotel Management System version commit 91caab8 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the book id parameter at the "admin modify room.php" endpoint. There is no information...
PT-2024-30107 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: xxl-job version 2.4.1 Description: The issue allows a remote attacker to execute arbitrary code via the Sub-Task ID component due to insecure permissions. Recommendations: For xxl-job version 2.4.1, consider disabling the Sub-Task ID componen...
PT-2024-38125 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: A problematic issue was found in SeaCMS, affecting an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross-site scripting. It is possible...
PT-2024-37102 · WordPress · Timeline Event History Plugin
Name of the Vulnerable Software and Affected Versions: Timeline Event History plugin for WordPress versions up to, and including, 3.1 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input...
PT-2024-28340 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue concerns an Arbitrary File Read vulnerability. It is exploited via the admin safe.php file. Recommendations: For SeaCMS version 12.9, consider restricting access to the admin safe.php file until a...
PT-2024-37699 · Unknown · Heyewei Springbootcms
Name of the Vulnerable Software and Affected Versions: heyewei SpringBootCMS up to 2024-05-28 Description: A vulnerability has been found in the Guestbook Handler component of heyewei SpringBootCMS, affecting an unknown function of the file /guestbook. The manipulation of the Content argument lea...
PT-2024-4813 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to weaknesses in the error reporting mechanism of the software platform. It may allow a remote attacker to obtain sensitive information when a detailed technical...
PT-2024-29418 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.10 Description: A Regular Expression Denial of Service (ReDoS) issue exists, allowing an attacker to significantly impact the application's response time and potentially render it non-functional by manipulating...