Mengshen Wireless Door Alarm M70 Security Breach
The Mengshen Wireless Door Alarm M70 is a wireless alarm from Mengshen. A security vulnerability exists in Mengshen Wireless Door Alarm M70 version 2024-05-24, which originates from the ability to bypass authentication via the capture replay method...
PT-2024-28906 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was release...
Adobe Photoshop Arbitrary Code Execution Vulnerability (APSB24-27) - Mac OS X
Adobe Photoshop is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-37294 Aimeos denial of service vulnerability in SaaS and marketplace setups
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...
Ariane Allegro Scenario Player Security Vulnerability
ArianeGroup Ariane Allegro Scenario Player is a simulation and training software tool for the aerospace and defense industry from ArianeGroup. A security vulnerability exists in Ariane Allegro Scenario Player version 2024-03-05 and earlier, which stems from a vulnerability that allows a...
PT-2024-6301 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions before 2022 SU6 Ivanti EPM versions before the 2024 September update Description: The issue is related to an unspecified SQL injection in Ivanti EPM, which allows a remote authenticated attacker with admin privileges to...
Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)
The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: - In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server...
CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...
CVE-2024-4358
CVE-2024-4358 affects Progress Telerik Report Server (2024 Q1 10.0.24.305 and earlier) on IIS, allowing an unauthenticated attacker to bypass authentication and access restricted functionality. Public details come from multiple sources in the connected docs: Exploit-DB/Metasploit references descr...
Aimeos denial of service vulnerability in SaaS and marketplace setups
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack...
CVE-2024-4837
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...
CVE-2024-4837 Trust Boundary Violation Vulnerability
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...
CVE-2024-4357
Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...
Progress Software Telerik Report Server Security Vulnerability
Progress Software Telerik Report Server is an enterprise-level report management and distribution solution from Progress Software. A security vulnerability exists in Progress Software Telerik Report Server version 2024 Q1 10.0.24.305 and prior versions. An attacker could exploit the vulnerability...
PT-2024-20354 · Vaales Technologies · V Qrs
Name of the Vulnerable Software and Affected Versions: Vaales Technologies V QRS version 2024-01-17 Description: The issue allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. This is achieved through a SQL injection vulnerability. Recommendations: For...
Foxit Reader Resource Management Error Vulnerability
Foxit Reader is a PDF document reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit Reader version 2024.1.0.23997, which stems from a use-after-free vulnerability that could lead to memory corruption and arbitrary code execution...
CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature...
CVE-2024-30270
The CVE-2024-30270 entry pertains to mailcow: dockerized prior to the 2024-04 release. A vulnerability combines path traversal and arbitrary code execution targeting the rspamd_maps() function, allowing an authenticated admin to overwrite any file writable by the www-data user due to improper pat...