CVE-2024-40348
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal...
CVE-2024-43982 WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Login As Users: from n/a through 1.4.3...
CVE-2024-7473
CVE-2024-7473 describes an IDOR in Lunary AI: lunary-ai/lunary versions 1.3.2 to 1.4.2 allow an authenticated user to update other users’ prompts by manipulating the request’s id parameter in the Evaluations function of the umgws datasets. The root cause is unauthorized modification of a user-con...
CVE-2024-46511
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function...
Exploit for Path Traversal in Bazarr
CVE-2024-40348 POC for CVE-2024-40348 Bazaar v1.4.3 and prior...
CVE-2024-40348
Bazaar v1.4.3 and earlier contains an unauthenticated Arbitrary File Read via directory traversal in the component /api/swaggerui/static. The root cause is a path traversal vulnerability that allows reading arbitrary server files. Impact is unauthenticated access with potential disclosure of sens...
GHSA-RXPW-85VW-FX87 OpenFGA denial of service
Overview OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate...
CVE-2023-40585
CVE-2023-40585 affects the Metal³ ironic-image container used to run OpenStack Ironic. Prior to capm3-v1.4.3, if TLS is not used and API/Conductor aren’t split, the Ironic API can be accessed without authentication over the host network. The vulnerability description notes that the API is otherwi...
GHSA-HF7J-XJ3W-87G4 1Panel arbitrary file write vulnerability
Summary An arbitrary file write vulnerability could lead to direct control of the server Details Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request. And the lack of parameter filtering...
1Panel arbitrary file write vulnerability
Summary An arbitrary file write vulnerability could lead to direct control of the server Details Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request. And the lack of parameter filtering...
1Panel command injection vulnerability in Firewall ip functionality
Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details 1Panel firewall functionality /hosts/firewall/...
PT-2023-21686 · Oracle +2 · Solaris +2
Name of the Vulnerable Software and Affected Versions: ESS REC Agent Server Edition for Linux versions V1.0.0 through V1.4.3 ESS REC Agent Server Edition for Solaris versions V1.1.0 through V1.4.0 ESS REC Agent Server Edition for HP-UX versions V1.1.0 through V1.4.0 ESS REC Agent Server Edition f...
GHSA-FVX4-8H2X-GM9Q Hippo4j privilege escalation issue
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...
CVE-2019-25073
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory...
Cross site scripting
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...
Achievo 1.4.3 Cross Site Scripting / SQL Injection
Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management tool for business environments. Achiev...
Achievo 1.4.3 - Multiple Web Vulnerabilities
Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management tool for business environments. Achiev...
Achievo v1.4.3 - Multiple Web Vulnerabilities
Document Title: =============== Achievo v1.4.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=403 http://www.cnnvd.org.cn/vulnerability/show/cvid/2012020060 ID: CNNVD-201202-060 Release Date: ============= 2012-01-29...