|
309401
|
6.1 |
MEDIUM
Network
|
nac
|
nacpremium
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.This issue affects NACPremium: th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6920
|
2024-09-18 00:58 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309402
|
9.8 |
CRITICAL
Network
|
nac
|
nacpremium
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPr…
|
CWE-89
SQL Injection
|
CVE-2024-6919
|
2024-09-18 00:57 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309403
|
6.5 |
MEDIUM
Network
|
siemens
|
omnivise_t3000_application_server
|
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow au…
|
CWE-22
Path Traversal
|
CVE-2024-38878
|
2024-09-18 00:50 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309404
|
9.8 |
CRITICAL
Network
|
anji-plus
|
report
|
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitra…
|
NVD-CWE-Other
|
CVE-2024-7314
|
2024-09-18 00:45 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309405
|
7.8 |
HIGH
Local
|
siemens
|
omnivise_t3000_whitelisting_server
omnivise_t3000_thin_client
omnivise_t3000_terminal_server
omnivise_t3000_product_data_management
omnivise_t3000_domain_controller
omnivise_t3000_appl…
|
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (…
|
NVD-CWE-noinfo
|
CVE-2024-38876
|
2024-09-17 23:45 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309406
|
9.8 |
CRITICAL
Network
|
totolink
|
t8_firmware
|
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46419
|
2024-09-17 23:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309407
|
9.8 |
CRITICAL
Network
|
totolink
|
t8_firmware
|
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46451
|
2024-09-17 23:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309408
|
7.5 |
HIGH
Network
|
totolink
|
t8_firmware
|
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46424
|
2024-09-17 23:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309409
|
7.5 |
HIGH
Network
|
nt-ware
|
uniflow_smartclient
uniflow_online_print_\&_scan
uniflow_online
|
The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email…
|
NVD-CWE-Other
|
CVE-2024-1621
|
2024-09-17 23:12 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309410
|
7.8 |
HIGH
Local
|
vmware
|
fusion
|
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnera…
|
NVD-CWE-noinfo
|
CVE-2024-38811
|
2024-09-17 22:33 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
