27 matches found
CVE-2024-45142
CVE-2024-45142 affects Substance3D Stager 3.0.3 and earlier. It is a Write-what-where memory corruption issue that could allow arbitrary code execution in the current user’s context. Exploitation requires the victim to open a malicious file (user interaction). Public sources in the provided docum...
Exploit for CVE-2024-45200
Kart"LAN"Pwn CVE-2024-45200 https://nvd.nist.gov/vuln/detai...
CVE-2024-28389
SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail method...
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size whichever is larger. Thanks to Enze...
Recog Release v3.0.3
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...
CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below was discovered to expose session tokens in multiple links via GET parameters, allowing attackers to access user session IDs...
CVE-2021-42949
The controllalogin function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks...
Cross site scripting
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php...
CVE-2022-26564
CVE-2022-26564 affects HotelDruid Hotel Management Software v3.0.3 with a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. The issue is triggered through user-controlled input and could allow malicious scripts to execute in a victim’s browser, potential...
CVE-2022-22909
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...
CVE-2022-22909
HotelDruid v3.0.3 is affected by a remote code execution (RCE) vulnerability that can be triggered by inserting a crafted payload into the name field in the Create New Room module. The underlying issue arises from room names being stored in /var/www/html/hoteldruid/dati/selectappartamenti.php, a ...
Testimonial Rotator < 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)
A stored XSS vulnerability has been found in the 'Author Information' textarea of the plugin's testimonials, which could allow an authenticated medium-privileged user (contributor+) to inject arbitrary JavaScript. The XSS will be triggered for anyone visiting public posts or the testimonial page...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758)
Summary: Financial Transaction Manager (FTM) for ACH Services and FTM for Corporate Payment Services (CPS) has addressed a potential XML External Entity vulnerability. For some web services, if the request is intercepted and modified, the XML payload could take advantage of XML External Entity Injecti...