GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

JetBrains YouTrack 跨站脚本漏洞

JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a cross-site scripting...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2751)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2736)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2024-2769)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to...

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

MangoOS 安全漏洞

MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via ...

PT-2024-32651 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, which may lead to the contamination of unintended data in HTTP response headers...

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

CVE-2024-41617

Money Manager EX WebApp web-money-manager-ex 1.2.2 is vulnerable to Incorrect Access Control. The redirectifnotloggedin function in functionssecurity.php fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary...

CVE-2024-20386

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to...

CVE-2024-20364

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficien...

CVE-2024-20372

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to...

Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2024-42933)

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco, Inc.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. It is used to protect...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center that stems from insufficient validation of user-supplied input in the web management interface. An attacker could explo...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...