669 matches found

Positive Technologies
added 2024/10/20 12:00 a.m. · 2 views

PT-2024-33476 · Unknown · Edush Maxim Googledrive Folder List

Name of the Vulnerable Software and Affected Versions: Edush Maxim GoogleDrive folder list versions n/a through 2.2.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list, which allows Stored XSS. This can lead to Stored Cross Site...

7.1 CVSS · 6.8 AI score · 0.00156 EPSS
Exploits 0 · References 8

OSV
added 2024/10/16 12:15 p.m. · 1 view

CVE-2024-10021

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/managepurchase.php?action=search&tag=VOUCHERNUMBER. The manipulation of the argument text leads to SQL injection. The...

9.8 CVSS · 5.8 AI score · 0.0055 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/10/16 12:00 a.m. · 7 views

PT-2024-10574

Name of the Vulnerable Software and Affected Versions: MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to, and including, 3.1.2. Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input...

7.2 CVSS · 6.2 AI score · 0.01228 EPSS
Exploits 3 · References 9

Positive Technologies
added 2024/10/16 12:00 a.m. · 4 views

PT-2024-39513 · WordPress · Redi Restaurant Reservation

Name of the Vulnerable Software and Affected Versions: ReDi Restaurant Reservation plugin for WordPress versions up to, and including, 24.0902. Description: The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without...

6.1 CVSS · 6.7 AI score · 0.0036 EPSS
Exploits 0 · References 8

OSV
added 2024/10/06 10:15 a.m. · 2 views

CVE-2024-47366

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6...

5.4 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits 0 · References 1

Veracode
added 2024/09/24 6:15 a.m. · 8 views

Arbitrary Code Execution

mautic/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation and access control during the execution of the upgrade script, allowing an attacker to execute arbitrary code during the upgrade process...

7.8 CVSS · 7.8 AI score · 0.00275 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/09/11 12:00 a.m. · 3 views

PT-2024-20859 · Unknown · 3Dsecure 2.0

Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method. Description: The issue concerns multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the...

5.5 AI score
Exploits 1 · References 5

Packet Storm
added 2024/09/06 12:00 a.m. · 299 views

C-MOR Video Surveillance 5.2401 Path Traversal

Advisory ID: SYSS-2024-025; Product: C-MOR Video Surveillance; Manufacturer: za-internet GmbH; Affected Versions: 5.2401; Tested Versions: 5.2401; Vulnerability Type: Relative Path Traversal (CWE-23); Risk Level: High; Solution Status: Fixed; Manufacturer Notification: 2024-04-05; Solution Date: 2024-07-31...

7.1 CVSS · 7.1 AI score · 0.01267 EPSS
Exploits 2

CVE
added 2024/09/05 12:00 a.m. · 45 views

CVE-2024-45178

CVE-2024-45178 affects za-internet C-MOR Video Surveillance 5.2401. The issue is path traversal caused by insufficient input validation, enabling an authenticated user to download arbitrary files as user www-data via vulnerable scripts download-bkf.pml (parameter bkf) and show-movies.pml (paramet...

7.1 CVSS · 6.8 AI score · 0.01267 EPSS
Exploits 2 · References 3 · Affected Software 1

BDU FSTEC
added 2024/09/02 12:00 a.m. · 2 views

The vulnerability of the cgi_FMT_R12R5_2nd_DiskMGR function in the /cgi-bin/hd_config.cgi component of D-Link routers’ firmware allows an attacker to execute arbitrary code.

The vulnerability of the cgi_FMT_R12R5_2nd_DiskMGR function in the /cgi-bin/hd_config.cgi component of D-Link routers is related to a lack of measures to sanitize data at the management level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS · 7 AI score · 0.07482 EPSS
Exploits 1 · References 3

CNNVD
added 2024/08/29 12:00 a.m. · 1 view

WordPress plugin Gutenverse Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS · 5.9 AI score · 0.00246 EPSS
Exploits 0 · References 2

OSV
added 2024/08/12 1:38 p.m. · 1 view

CVE-2024-40484

A Reflected Cross-Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter...

6.1 CVSS · 6.1 AI score · 0.00625 EPSS
Exploits 1 · References 1

OSV
added 2024/08/01 2:15 a.m. · 2 views

CVE-2024-7335

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument httphost leads to buffer overflow. It is possible to launch the attack...

8.8 CVSS · 6 AI score · 0.01157 EPSS
Exploits 1 · References 4

CNNVD
added 2024/08/01 12:00 a.m. · 3 views

TOTOLINK EX200 Security Vulnerability

The TOTOLINK EX200 is a 2.4G wireless N range extender designed to extend the coverage of existing Wi-Fi networks. A buffer overflow vulnerability exists in the TOTOLINK EX200. The vulnerability originates from the function loginauth in the /cgi-bin/cstecgi.cgi file, which operates on the paramet...

9 CVSS · 7.3 AI score · 0.0127 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/07/21 12:00 a.m. · 2 views

PT-2024-27649 · Perials · Perials Simple Social Share

Name of the Vulnerable Software and Affected Versions: Perials Simple Social Share versions n/a through 3.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations...

5.9 CVSS · 5.8 AI score · 0.00259 EPSS
Exploits 0 · References 5

Patchstack
added 2024/07/15 2:52 a.m. · 4 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions < 6.5.1...

6.8 CVSS · 6 AI score · 0.00227 EPSS
Exploits 1 · References 1 · Affected Software 1

Patchstack
added 2024/07/15 2:26 a.m. · 4 views

WordPress Seriously Simple Podcasting plugin < 3.3.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Thanh Hang in WordPress Plugin Seriously Simple Podcasting versions < 3.3.0...

4.8 CVSS · 6.1 AI score · 0.00429 EPSS
Exploits 1 · References 1 · Affected Software 1

BDU FSTEC
added 2024/07/08 12:00 a.m. · 2 views

The vulnerability in the backend/script code of the proxy manager for NGINX Proxy Manager allows a perpetrator to execute arbitrary commands.

The vulnerability in the backend/script of the NGINX Proxy Manager for hosting management exists because measures to neutralize specific elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

9 CVSS · 6 AI score · 0.00882 EPSS
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2024/06/20 12:00 a.m. · 2 views

Loan Management System SQL Injection Vulnerability

Loan Management System is a loan management system by razormist Personal Developer. A SQL injection vulnerability exists in itsourcecode Loan Management System version 1.0, which is caused by an unknown function in login.php in the component Login, which leads to SQL injection via the parameter...

9.8 CVSS · 7.9 AI score · 0.00614 EPSS
Exploits 1 · References 5

Patchstack
added 2024/06/18 4:42 a.m. · 9 views

WordPress Divi theme <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Theme Divi versions <= 4.25.1...

6.4 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits 0 · References 1 · Affected Software 1