|
310021
|
8.8 |
HIGH
Network
|
isellerpal
|
enterprise_resource_management_system
|
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPost…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-42676
|
2024-11-19 04:15 |
2024-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310022
|
3.3 |
LOW
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
udf: refactor inode_bmap() to handle error
Refactor inode_bmap() to handle error since udf_next_aext() can return
error now. On s…
|
NVD-CWE-noinfo
|
CVE-2024-50211
|
2024-11-19 04:04 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310023
|
5.4 |
MEDIUM
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the comprom…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11021
|
2024-11-19 04:00 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310024
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2024-11020
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310025
|
6.1 |
MEDIUM
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11019
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310026
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11018
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310027
|
9.8 |
CRITICAL
Network
|
1000projects
|
beauty_parlour_management_system
|
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipu…
|
CWE-89
SQL Injection
|
CVE-2024-11101
|
2024-11-19 03:57 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310028
|
9.8 |
CRITICAL
Network
|
1000projects
|
beauty_parlour_management_system
|
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. T…
|
CWE-89
SQL Injection
|
CVE-2024-11100
|
2024-11-19 03:52 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310029
|
8.8 |
HIGH
Network
|
vice
|
webopac
|
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code exec…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11017
|
2024-11-19 03:47 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310030
|
7.7 |
HIGH
Network
|
adobe
|
commerce
magento
|
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-49521
|
2024-11-19 03:44 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
