|
304681
|
- |
|
-
|
-
|
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.
|
-
|
CVE-2024-34885
|
2024-11-6 02:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304682
|
- |
|
-
|
-
|
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resul…
|
-
|
CVE-2023-20518
|
2024-11-6 02:35 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304683
|
7.8 |
HIGH
Local
|
iconics
mitsubishielectric
|
genesis64
mc_works64
|
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prio…
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-7587
|
2024-11-6 02:24 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304684
|
- |
|
-
|
-
|
System logs could be accessed through web management application due to a lack of access control.
An attacker can obtain the following sensitive information:
• Wi-Fi access point credentials t…
|
-
|
CVE-2023-29114
|
2024-11-6 02:15 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304685
|
7.8 |
HIGH
Local
|
okta
|
verify
|
The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords asso…
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-9191
|
2024-11-6 02:06 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304686
|
8.8 |
HIGH
Network
|
esafenet
|
cdg
|
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The ma…
|
CWE-89
SQL Injection
|
CVE-2024-10594
|
2024-11-6 02:05 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304687
|
5.4 |
MEDIUM
Network
|
webcraftplugins
|
image_map_pro
|
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9585
|
2024-11-6 02:05 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304688
|
9.8 |
CRITICAL
Network
|
esafenet
|
cdg
|
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the…
|
CWE-89
SQL Injection
|
CVE-2024-10660
|
2024-11-6 02:04 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304689
|
9.8 |
CRITICAL
Network
|
esafenet
|
cdg
|
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthor…
|
CWE-89
SQL Injection
|
CVE-2024-10659
|
2024-11-6 02:04 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304690
|
5.4 |
MEDIUM
Network
|
webcraftplugins
|
image_map_pro
|
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.…
|
CWE-862
Missing Authorization
|
CVE-2024-9584
|
2024-11-6 02:04 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
