|
256531
|
- |
|
-
|
-
|
itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter.
|
-
|
CVE-2024-44587
|
2024-09-6 02:44 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256532
|
9.8 |
CRITICAL
Network
|
multivendorx
|
multivendorx
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capab…
|
CWE-862
Missing Authorization
|
CVE-2024-8289
|
2024-09-6 02:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256533
|
6.1 |
MEDIUM
Network
|
raspcontrol_project
|
raspcontrol
|
Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/r…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8413
|
2024-09-6 02:40 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256534
|
6.8 |
MEDIUM
Adjacent
|
wayos
|
fbm-291w_firmware
|
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
|
CWE-77
Command Injection
|
CVE-2024-44383
|
2024-09-6 02:38 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256535
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix for possible memory corruption
Init Control Block is dereferenced incorrectly. Correctly dereference ICB
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42288
|
2024-09-6 02:38 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256536
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: During vport delete send async logout explicitly
During vport delete, it is observed that during unload we hit a c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42289
|
2024-09-6 02:37 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256537
|
8.8 |
HIGH
Network
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40645
|
2024-09-6 02:09 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256538
|
5.9 |
MEDIUM
Network
|
fogproject
|
fogproject
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the c…
|
CWE-862
Missing Authorization
|
CVE-2024-41108
|
2024-09-6 01:27 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256539
|
7.8 |
HIGH
Local
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable b…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-41954
|
2024-09-6 01:18 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256540
|
7.5 |
HIGH
Network
|
ruby-lang
|
rexml
|
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-41946
|
2024-09-6 01:09 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
