Cvelist · added 2024/06/24 7:11 a.m.

CVE-2024-24554 Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

CVSS 6 · EPSS 0.00242 · Exploits 0 · References 1
CVE · added 2024/06/24 7:11 a.m.

CVE-2024-24554

Bludit (CMS) is affected by CVE-2024-24554 due to using predictable methods with MD5 to generate sensitive tokens (API token, user token). The underlying issue is token generation, enabling authentication against the Bludit API. Documents do not provide concrete fixes or affected versions; at lea...

CVSS 8.2 · AI score 6.4 · EPSS 0.00242 · Exploits 0 · References 1 · Affected software 1
CNNVD · added 2024/06/24 12:00 a.m.

Bludit Security Breach

Bludit is an open source, lightweight blog content management system CMS. A security vulnerability exists in Bludit that stems from the use of predictable methods combined with the MD5 hash algorithm to generate sensitive tokens that allow an attacker to authenticate against the Bludit API...

CVSS 6 · AI score 6.7 · EPSS 0.00242 · Exploits 0 · References 3
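The three Bludit entries above describe one root cause: a token derived by hashing a guessable input with MD5. The Python example below is added here for illustration; it is not Bludit's code and not taken from any of the listed advisories. The generator, the salt value and the timestamps are hypothetical. It shows why such a token is recoverable (brute force over a small input space, which no choice of hash function prevents) and what the fix looks like (a token drawn from the OS CSPRNG, checked in constant time).

```python
import hashlib
import hmac
import secrets
from typing import Optional


def weak_token(created_at: int, salt: str = "") -> str:
    """Hypothetical weak generator modelled on the pattern in the advisories:
    a guessable input (a Unix timestamp plus a static salt) run through MD5.
    Illustrative only, not Bludit's implementation."""
    return hashlib.md5(f"{salt}{created_at}".encode()).hexdigest()


def recover_seed(observed: str, approx_time: int, window: int = 3600,
                 salt: str = "") -> Optional[int]:
    """Attacker's side: if the minting time is known to within `window` seconds
    (a post timestamp, a Last-Modified header), the seed and with it the token
    fall out of at most 2*window+1 MD5 calls. A static salt shipped in the
    source code adds nothing, because the attacker can read it too."""
    for t in range(approx_time - window, approx_time + window + 1):
        if weak_token(t, salt) == observed:
            return t
    return None


def strong_token(nbytes: int = 32) -> str:
    """Fix: take the token straight from the OS CSPRNG. No hashing is needed;
    the entropy of the input, not the hash, decides whether a token is
    guessable (SHA-256 over a timestamp is as weak as MD5 over one)."""
    return secrets.token_hex(nbytes)


def token_valid(presented: str, stored: str) -> bool:
    """Server side: constant-time comparison, so response timing does not
    leak how many leading characters matched."""
    return hmac.compare_digest(presented.encode(), stored.encode())


def demo() -> dict:
    """Constructed scenario: a victim token minted at a known time, attacked
    by someone who knows that time only to within about 25 minutes."""
    created = 1_718_000_000                      # constructed minting time
    leaked = weak_token(created, salt="site-salt")
    recovered = recover_seed(leaked, created + 1500, salt="site-salt")
    return {
        "weak_token": leaked,
        "recovered_seed": recovered,
        "attacker_token_matches": recovered is not None
            and token_valid(weak_token(recovered, "site-salt"), leaked),
        "strong_token_hex_chars": len(strong_token()),
    }


if __name__ == "__main__":
    print(demo())
```

The attacker loop above runs a few thousand MD5 computations, which takes milliseconds; widening the uncertainty to a whole year still only costs about 3.2e7 hashes. The check a reviewer should make on any token generator is therefore "where do the bytes come from", not "which hash is used".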
NVD · added 2024/06/19 9:15 p.m.

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from an unrestricted write that can inject PHP code into a PHP file...

CVSS 10 · EPSS 0.00606 · Exploits 0 · References 1
Vulnrichment · added 2024/06/19 12:00 a.m.

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from an unrestricted write that can inject PHP code into a PHP file...

AI score 7.5 · EPSS 0.00606 · Exploits 0 · References 1
Cvelist · added 2024/06/19 12:00 a.m.

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from an unrestricted write that can inject PHP code into a PHP file...

EPSS 0.00606 · Exploits 0 · References 1
CNNVD · added 2024/06/19 12:00 a.m.

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from the French company PrestaShop. The solution offers multiple payment methods, SMS alerts, and product image zoom, among other features. A security vulnerability exists in the PrestaShop Help Desk - Customer Support Management System module, version 2.4.0...

CVSS 10 · AI score 6.8 · EPSS 0.00514 · Exploits 0 · References 2
Positive Technologies · added 2024/06/19 12:00 a.m.

PT-2024-26280 · Unknown · Help Desk - Customer Support Management System

Name of the vulnerable software and affected versions: Help Desk - Customer Support Management System versions up to 2.4.0
Description: The issue allows a customer to upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket and...

CVSS 10 · AI score 7.3 · EPSS 0.00514 · Exploits 0 · References 3
Positive Technologies · added 2024/06/19 12:00 a.m.

PT-2024-27122 · Unknown · Module Live Chat Pro

Name of the vulnerable software and affected versions: Module Live Chat Pro All in One Messaging versions prior to 8.4.0
Description: The issue allows a guest to perform PHP code injection due to a predictable token. The method Lcp::saveTranslations is vulnerable, enabling the injection of PHP co...

CVSS 10 · AI score 7.8 · EPSS 0.00606 · Exploits 0 · References 2
CVE · added 2024/06/19 12:00 a.m.

CVE-2024-36679

CVE-2024-36679 affects Module Live Chat Pro (All in One Messaging) for PrestaShop, versions

CVSS 10 · AI score 7.6 · EPSS 0.00606 · Exploits 0 · References 1
CVE · added 2024/06/19 12:00 a.m.

CVE-2024-34990

CVE-2024-34990 affects the PrestaShop FME Modules Help Desk – Customer Support Management System up to version 2.4.0. The vulnerability arises from allowing PHP file uploads via HelpdeskHelpdeskModuleFrontController::submitTicket() and HelpdeskHelpdeskModuleFrontController::replyTicket(), upload...

CVSS 10 · AI score 7.2 · EPSS 0.00514 · Exploits 0 · References 1
NVD · added 2024/06/11 12:15 p.m.

CVE-2024-35292

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 6ES7288-1CR40-0AA0 All versions, SIMATIC S7-200 SMART CPU CR60 6ES7288-1CR60-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA1 All versions, SIMATI...

CVSS 8.8 · EPSS 0.00387 · Exploits 0 · References 1
Vulnrichment · added 2024/06/11 11:15 a.m.

CVE-2024-35292

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 6ES7288-1CR40-0AA0 All versions, SIMATIC S7-200 SMART CPU CR60 6ES7288-1CR60-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA1 All versions, SIMATI...

CVSS 8.8 · AI score 6.9 · EPSS 0.00387 · Exploits 0 · References 1
Cvelist · added 2024/06/11 11:15 a.m.

CVE-2024-35292

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 6ES7288-1CR40-0AA0 All versions, SIMATIC S7-200 SMART CPU CR60 6ES7288-1CR60-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA1 All versions, SIMATI...

CVSS 8.8 · EPSS 0.00387 · Exploits 0 · References 1
CVE · added 2024/06/11 11:15 a.m.

CVE-2024-35292

CVE-2024-35292 affects Siemens SIMATIC S7-200 SMART devices (CR40/CR60/SR20/SR30/SR40/SR60/ST20/ST30/ST40/ST60; all versions) where devices use a predictable IP ID sequence number. This vulnerability enables a class of network-based attacks that could lead to a denial-of-service condition. The CV...

CVSS 8.8 · AI score 6.9 · EPSS 0.00387 · Exploits 0 · References 1
Github Security Blog · added 2024/06/04 5:49 p.m.

Duplicate Advisory: nano-id reduced entropy due to inadequate character set usage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hc7-6w9r-wj94. This link is maintained to preserve external references. Original Description Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the...

AI score 5.4 · Exploits 0 · References 3 · Affected software 1
Tenable Nessus · added 2024/06/03 12:00 a.m.

RHEL 8 : gimp (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.
- gimp: predictable temporary file name in test-xcf.c unit test (CVE-2018-12713)
Note that Nessus has not tested for th...

CVSS 9.1 · AI score 9.3 · EPSS 0.01947 · Exploits 0 · References 1
Tenable Nessus · added 2024/06/03 12:00 a.m.

RHEL 5 : sos (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.
- sos: usage of predictable temporary files allows privilege escalation (CVE-2015-7529)
Note that Nessus has not tested...

CVSS 7.8 · AI score 7.9 · EPSS 0.00442 · Exploits 0 · References 1
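The two Tenable entries above (CVE-2018-12713 in gimp, CVE-2015-7529 in sos) are instances of one bug class: a temporary file created under a name a local attacker can predict, which lets the attacker plant a symlink at that name before the program opens it. The Python example below is added here for illustration and is not code from either package or from Nessus; the naming scheme, the victim file and the directory layout are constructed. It shows the symlink clobber succeeding against a naive open() and failing against O_CREAT|O_EXCL, and uses tempfile.mkstemp as the proper fix.

```python
import os
import tempfile
from typing import Optional


def predictable_temp_path(tmpdir: str, program: str = "tool") -> str:
    """Hypothetical naming scheme of the kind the Nessus entries describe:
    a fixed prefix plus the PID. PIDs are small and sequential, so a local
    attacker can guess the name and pre-create something there."""
    return os.path.join(tmpdir, f"{program}.{os.getpid()}")


def unsafe_write(path: str, data: str) -> None:
    """Vulnerable pattern: open(..., "w") follows whatever already sits at
    `path`, so a pre-planted symlink turns this into a truncating write to
    the attacker's chosen target (for a root process: /etc/passwd, a cron
    script, and so on)."""
    with open(path, "w") as f:
        f.write(data)


def safe_create(path: str) -> int:
    """Hardened pattern: O_CREAT|O_EXCL refuses if anything already exists at
    `path`, including a symlink (even a dangling one); O_NOFOLLOW and mode
    0600 close the remaining gaps. Returns the fd, raises FileExistsError."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)


def demo(tmpdir: Optional[str] = None) -> dict:
    """Constructed scenario in a private directory: `victim.conf` stands in
    for the file the attacker wants overwritten."""
    if tmpdir is None:
        tmpdir = tempfile.mkdtemp()
    victim = os.path.join(tmpdir, "victim.conf")
    with open(victim, "w") as f:
        f.write("original\n")

    path = predictable_temp_path(tmpdir)
    os.symlink(victim, path)          # attacker wins the race: link planted first

    unsafe_write(path, "attacker-controlled\n")
    with open(victim) as f:
        clobbered = f.read() == "attacker-controlled\n"

    try:
        os.close(safe_create(path))
        excl_blocked = False
    except FileExistsError:
        excl_blocked = True

    # mkstemp does the O_EXCL open itself under a random suffix, so there is
    # no name for the attacker to pre-plant.
    fd, mk_path = tempfile.mkstemp(dir=tmpdir, prefix="tool.")
    os.close(fd)
    return {
        "clobbered_via_symlink": clobbered,
        "o_excl_blocked": excl_blocked,
        "mkstemp_avoids_guessable_name": mk_path != path,
    }


if __name__ == "__main__":
    print(demo())
```

The O_EXCL check is the essential part: a random name alone only makes the race harder to win, while O_CREAT|O_EXCL makes the pre-planted link fail closed. In C the equivalent is mkstemp(3) or open(2) with the same flags; mktemp(3) and tmpnam(3) are the predictable-name APIs that produce this bug.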
Tenable Nessus · added 2024/06/03 12:00 a.m.

RHEL 7 : gimp (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- gimp: heap-based buffer overflow in the readchanneldata function in plug-ins/common/file-psp.c (CVE-2017-17789)...

CVSS 9.1 · AI score 7.6 · EPSS 0.01952 · Exploits 1 · References 7
Github Security Blog · added 2024/05/28 5:21 p.m.

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

AI score 7 · Exploits 0 · References 3 · Affected software 1
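Two items on this page concern upload handling: the Help Desk module entries (CVE-2024-34990 / PT-2024-26280), where .php files can be uploaded through submitTicket and replyTicket, and the silverstripe/userforms entry above, where uploads land in a predictable public path. The Python example below is added here and is not code from either project; the allowlist, the storage directory and the sample filenames are assumptions. It contrasts the kind of denylist check that lets PHP uploads through with an allowlist validator, and stores the file under an unguessable name outside the web root.

```python
import os
import re
import secrets
from typing import Optional

# Assumed allowlist for a support-ticket attachment.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt", "log"}
# Server-side executable extensions, rejected wherever they appear in the
# dotted name, not only at the end: some server configurations hand
# "shell.php.jpg" to the PHP handler.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phps", "pht",
                         "phtml", "phar", "inc", "htaccess"}


def denylist_check(filename: str) -> bool:
    """Weak check of the kind that lets PHP uploads through: only the literal
    '.php' suffix is refused, so 'shell.phtml' and 'shell.php.jpg' pass."""
    return not filename.lower().endswith(".php")


def validate_upload_name(filename: str) -> Optional[str]:
    """Hardened check. Returns a sanitised 'stem.ext' or None if the upload
    must be refused: strips directories (both separator styles), refuses
    embedded NULs, requires an allowlisted final extension and no executable
    extension anywhere in the name, and reduces the stem to [A-Za-z0-9_-]."""
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base:
        return None
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        return None
    exts = [p.lower() for p in parts[1:]]
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return None
    if exts[-1] not in ALLOWED_EXTENSIONS:
        return None
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", parts[0])[:64]
    return f"{stem}.{exts[-1]}"


def storage_path(upload_root: str, validated_name: str) -> str:
    """Where to put the file: a directory outside the web root (assumed
    `upload_root`), under a random name, so the location cannot be derived
    from the original filename, ticket id or upload time. Keep the original
    name only in the database record and serve the file through a handler
    that checks authorisation."""
    ext = validated_name.rsplit(".", 1)[1]
    return os.path.join(upload_root, f"{secrets.token_urlsafe(16)}.{ext}")


if __name__ == "__main__":
    # Constructed sample filenames, including the usual bypass attempts.
    for name in ["shell.php", "shell.phtml", "shell.php.jpg", "../../report.pdf",
                 "my receipt (1).PDF", "shell.jpg\x00.php"]:
        print(repr(name), "denylist:", denylist_check(name),
              "allowlist:", validate_upload_name(name))
```

Extension checks alone do not authenticate content; for images, decode and re-encode the file (or at least check magic bytes), and make sure the storage directory is served with script execution disabled even though it sits outside the web root. The random storage name also addresses the silverstripe case: even if a listing or link leaks the directory, individual files are not enumerable.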