The vulnerability of the “Updates Service” software, which allows a hacker to gain access to read local files.

The vulnerability of the “Updates Service” software’s web request handler lies in the lack of limits on authentication attempts. Exploiting this vulnerability can allow a malicious actor to gain read access to local files...

CVE-2024-6370

A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argumen...

CVE-2024-6368

A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be...

CVE-2024-6369

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LVReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible t...

CVE-2024-6367

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...

CVE-2024-6367

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...

CVE-2024-6370

CVE-2024-6370 affects LabVantage LIMS 2017. A cross-site scripting flaw exists in the POST Request Handler via the file parameter /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp, by tampering the bulletinbody argument. The attack can be launched remotely and the exp...

CVE-2024-6368

CVE-2024-6368 affects LabVantage LIMS 2017. The issue resides in the POST Request Handler where processing of the file path /labvantage/rc?command=page and the manipulation of the argument param1 leads to a cross-site scripting (XSS) vulnerability. The attack can be initiated remotely and the exp...

CVE-2024-6368 LabVantage LIMS POST Request cross site scripting

A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be...

LabVantage Solutions LIMS Cross-Site Scripting Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions, USA. A cross-site scripting vulnerability exists in LabVantage Solutions LIMS version 2017, which stems from some unknown handling of parameter param1 in a file processed by the POST request handler...

PT-2024-37571 · Labvantage · Labvantage Lims

Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017 Description: A vulnerability was found in the component POST Request Handler, affecting the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp. The manipulation of the argument...

PT-2024-37572 · Labvantage · Labvantage Lims

Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017 WPML affected versions not specified Description: A problematic issue affects the processing of the file "/labvantage/rc?command=page" of the component POST Request Handler. The manipulation of the argument param1...

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

October System module has a Reflected XSS via X-October-Request-Handler Header

Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVE-2024-6269

CVE-2024-6269 affects Ruijie RG-UAC 1.0. The vulnerability lives in the HTTP POST handler function get_ip.addr_details in /view/vpn/autovpn/sxh_vpnlic.php, where manipulating the indevice argument enables remote command injection. Public exploit information exists. Affected product behavior and r...

CVE-2024-5771

A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The atta...

LabVantage Solutions LIMS SQL Injection Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions, USA. A SQL injection vulnerability exists in LabVantage Solutions LIMS version 2017, which stems from unknown code in the component POST Request Handler, which leads to an SQL injection via the param1...