Orca Management Organization Co., Ltd. Security Vulnerabilities

NETGEAR ProSAFE Network Management System Authentication Bypass (CVE-2023-38096)

The NETGEAR ProSAFE Network Management System (NMS) running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to perform actions that require...

PyTorch Model Server Registration and Deserialization RCE

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...

CVE-2023-23990

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

K000139793: MacOS vulnerability CVE-2023-41993

Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7....

CVE-2024-6240 Improper privilege management vulnerability in Parallels Desktop

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An...

CVE-2024-6372 itsourcecode Tailoring Management System customeradd.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to...

CVE-2024-3539 Campcodes Church Management System addgiving.php sql injection

A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely....

Keysight Technologies Sensor Management Server Deserialization RCE (CVE-2022-1660)

The Keysight Sensor Management Server (SMS) running on the remote host is affected by a Java object deserialization vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code in the context of the account running the Keysight SMS....

Intel Management Engine Authentication Bypass (INTEL-SA-00075) (remote check)

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a NULL HTTP Digest response, to bypass authentication. Note that the vulnerability is.....

CVE-2024-36041

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-6195 itsourcecode Tailoring Management System orderadd.php sql injection

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The....

CVE-2024-5047 SourceCodester Student Management System controller.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit....

CVE-2024-31330

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-31324

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-6193 itsourcecode Vehicle Management System driverprofile.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The...

CVE-2023-23990 WordPress Redirection for Contact Form 7 plugin <= 2.7.0 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

CVE-2023-32333 IBM Maximo Asset Management improper access control

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: ...

ROS-20240626-14

Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL....

Novell ZENworks Configuration Management < 11.2.4 Multiple Vulnerabilities

The version of Novell ZENworks Configuration Management installed on the remote host can be tricked into disclosing any file readable by the Novell ZENworks umaninv service, and as such it is affected by multiple vulnerabilities : A directory traversal vulnerability exists that allows any...

CVE-2024-6218 itsourcecode Vehicle Management System busprofile.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The.....

CVE-2023-23990 WordPress Redirection for Contact Form 7 plugin <= 2.7.0 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

H3C / HPE Intelligent Management Center accessMgrServlet Java Object Deserialization RCE

The H3C or HPE Intelligent Management Center (iMC) web server running on the remote host is affected by a remote code execution vulnerability in accessMgrServlet due to unsafe deserialization of Java objects to various libraries. An unauthenticated, remote attacker can exploit this, by sending a...

HP System Management Homepage Single Sign On Parameter Handling RCE

The HP System Management Homepage (SMH) application running on the remote web server potentially contains an overflow condition in the Single Sign On (SSO) functionality due to improper validation of user-supplied input when handling overly long parameters. A remote attacker could exploit this to.....

CVE-2024-5893 SourceCodester Cab Management System sql injection

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2024-5047 SourceCodester Student Management System controller.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit....

CVE-2024-4853 Mismatched Memory Management Routines in editcap

Memory handling issue in editcap could cause denial of service via crafted capture...

CVE-2024-6196 itsourcecode Banking Management System admin_class.php sql injection

A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit...

CVE-2024-6218 itsourcecode Vehicle Management System busprofile.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The.....

CVE-2024-36041

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-35141

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-6240 Improper privilege management vulnerability in Parallels Desktop

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An...

K000139628: Out-of-band Security Notification (May 29, 2024)

Security Advisory Description On May 29, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch...

K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. (CVE-2024-32760) Note: This issue affects NGINX systems compiled with the.....

CVE-2024-2155 SourceCodester Best POS Management System index.php file inclusion

A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...

GitHub Enterprise 2.8.x < 2.8.7 Management Console RCE Vulnerability - Active Check

GitHub Enterprise suffer from a remote code execution (RCE) ...

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API...

CVE-2024-3522 Campcodes Online Event Management System process.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2024-3612 SourceCodester Warehouse Management System barang.php cross site scripting

A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be...

CVE-2024-6195 itsourcecode Tailoring Management System orderadd.php sql injection

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The....

CVE-2024-6109 itsourcecode Tailoring Management System addmeasurement.php sql injection

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....

CVE-2024-6194 itsourcecode Tailoring Management System editmeasurement.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

CVE-2024-1011

A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be...

CVE-2024-3522 Campcodes Online Event Management System process.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2024-3542 Campcodes Church Management System add_visitor.php cross site scripting

A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2023-5918

A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of...

CVE-2024-3612 SourceCodester Warehouse Management System barang.php cross site scripting

A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be...

CVE-2023-3810

A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql.....