|
309641
|
4.9 |
MEDIUM
Network
|
teamplus
|
team\+_pro
|
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root dir…
|
NVD-CWE-Other
|
CVE-2024-9923
|
2024-10-24 22:24 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309642
|
7.5 |
HIGH
Network
|
teamplus
|
team\+_pro
|
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
NVD-CWE-Other
|
CVE-2024-9922
|
2024-10-24 22:21 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309643
|
9.8 |
CRITICAL
Network
|
teamplus
|
team\+_pro
|
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database c…
|
CWE-89
SQL Injection
|
CVE-2024-9921
|
2024-10-24 22:19 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309644
|
6.1 |
MEDIUM
Network
|
ujangrohidin
|
localserver
|
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10286
|
2024-10-24 13:08 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309645
|
6.1 |
MEDIUM
Network
|
ujangrohidin
|
localserver
|
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10289
|
2024-10-24 13:07 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309646
|
6.1 |
MEDIUM
Network
|
ujangrohidin
|
localserver
|
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10288
|
2024-10-24 13:07 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309647
|
6.1 |
MEDIUM
Network
|
ujangrohidin
|
localserver
|
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10287
|
2024-10-24 13:07 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309648
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: pci: cx23885: check cx23885_vdev_init() return
cx23885_vdev_init() can return a NULL pointer, but that pointer
is used in …
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52918
|
2024-10-24 12:55 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309649
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
Handle memory allocation failure from nci_skb_alloc() (call…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52919
|
2024-10-24 12:53 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309650
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
In m_can_pci_remove() and error handling path of m_ca…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2022-49024
|
2024-10-24 12:50 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
