CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

CVE-2022-34871

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...

Apache ActiveMQ 5.11.x < 5.11.4 / 5.12.x < 5.12.3 / 5.13.x < 5.13.1 Web Console Multiple XSS

The version of Apache ActiveMQ running on the remote host is 5.11.x prior to 5.11.4, 5.12.x prior to 5.12.3, or 5.x prior to 5.13.1. It is, therefore, affected by multiple cross-site scripting vulnerabilities in the web-based administration console due to improper validation of user-supplied...

CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

CVE-2024-31232

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through...

RHEL 7 / 8 : Red Hat JBoss Web Server 5.5.0 Security (Moderate) (RHSA-2021:2561)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2561 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 Exploit and PoC This repository contains a...

Veeam ONE Web Client Page Fails to Load After Updating .NET Runtime Components

Make sure all .NET runtime versions match, then restart the Veeam ONE Reporting...

Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

By Waqas Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark...

Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka...

Joomla! <3.7.1 - SQL Injection

Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...

CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

CVE-2024-30120 HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application

HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web...

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code...

CVE-2024-4677 Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch....

CVE-2024-4527 Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...

CVE-2024-30120 HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application

HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web...

CVE-2024-4525 Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be....

CVE-2024-4677 Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch....

CVE-2024-4527 Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...

CVE-2024-4517 Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate....

Microsoft SQL (MSSQL) Server 6, 7, 2000 Multiple Vulnerabilities

The plugin attempts a smb connection to read version from the registry...

Exploit for CVE-2023-46453

GL.iNet Router Authentication Bypass (CVE-2023-46453) Exploit...

CVE-2024-4523 Campcodes Complete Web-Based School Management System teacher_attendance_history1.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site...

CVE-2024-4526 Campcodes Complete Web-Based School Management System student_payment_details3.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be...

CVE-2024-4652 Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the...

CVE-2024-4521 Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the...

CVE-2024-4521 Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the...

Exploit for CVE-2024-28397

Perkenalan 中文 `js2pyadalah paket python...

Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...

CVE-2024-4519 Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may...

CVE-2024-4525 Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be....

CVE-2024-4649 Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate.....

CVE-2024-4649 Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate.....

CVE-2024-34369 WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through...

Plesk Obsidian <=18.0.49 - Open Redirect

Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is "the ability to use...

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note...

RHEL 7 / 8 : Red Hat JBoss Web Server 5.4.2 Security Update (Important) (RHSA-2021:1195)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1195 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the...

Poultry Farm Management System v1.0 - Remote Code Execution Exploit

...

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the...

Apache Struts2 S2-053 - Remote Code Execution

Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the...

ZendFramework1 Potential Security Issues in Bundled Dojo Library

In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several files....

golang.org/x/text/language Denial of service via crafted Accept-Language header

The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten to....

Exploit for CVE-2024-29059

Leaking and Exploiting ObjRefs via HTTP .NET Remoting...

RHEL 7 / 8 : Red Hat JBoss Web Server 5.6.2 Security Update (Important) (RHSA-2022:1519)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1519 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2868 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...