|
305661
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2024-11020
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305662
|
6.1 |
MEDIUM
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11019
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305663
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11018
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305664
|
9.8 |
CRITICAL
Network
|
1000projects
|
beauty_parlour_management_system
|
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipu…
|
CWE-89
SQL Injection
|
CVE-2024-11101
|
2024-11-19 03:57 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305665
|
9.8 |
CRITICAL
Network
|
1000projects
|
beauty_parlour_management_system
|
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. T…
|
CWE-89
SQL Injection
|
CVE-2024-11100
|
2024-11-19 03:52 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305666
|
8.8 |
HIGH
Network
|
vice
|
webopac
|
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code exec…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11017
|
2024-11-19 03:47 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305667
|
7.7 |
HIGH
Network
|
adobe
|
commerce
magento
|
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-49521
|
2024-11-19 03:44 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305668
|
8.8 |
HIGH
Network
|
oretnom23
|
online_veterinary_appointment_system
|
A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The …
|
CWE-89
SQL Injection
|
CVE-2024-10990
|
2024-11-19 03:42 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305669
|
7.8 |
HIGH
Local
|
adobe
|
animate
|
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…
|
CWE-416
Use After Free
|
CVE-2024-49526
|
2024-11-19 03:41 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305670
|
8.8 |
HIGH
Network
|
codezips
|
online_institute_management_system
|
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. Th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10994
|
2024-11-19 03:41 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
