|
308181
|
8.1 |
HIGH
Network
|
toshibatec
sharp
|
e-studio1058_firmware
e-studio1208_firmware
e-studio908_firmware
bp-90c70_firmware
bp-90c80_firmware
bp-70c65_firmware
bp-70c55_firmware
bp-70c45_firmware
bp-70c36_firmware
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted.
A non-administrative user may execute some …
|
NVD-CWE-Other
|
CVE-2024-47005
|
2024-11-6 04:36 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
308182
|
4.8 |
MEDIUM
Network
|
toshibatec
sharp
|
e-studio1058_firmware
e-studio1208_firmware
e-studio908_firmware
bp-90c70_firmware
bp-90c80_firmware
bp-70c65_firmware
bp-70c55_firmware
bp-70c45_firmware
bp-70c36_firmware
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.
If crafted input is stored by an administrative user, ma…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48870
|
2024-11-6 04:34 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
308183
|
6.1 |
MEDIUM
Network
|
toshibatec
sharp
|
e-studio1058_firmware
e-studio1208_firmware
e-studio908_firmware
bp-90c70_firmware
bp-90c80_firmware
bp-70c65_firmware
bp-70c55_firmware
bp-70c45_firmware
bp-70c36_firmware
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.
Accessing a crafted URL which points to an affected prod…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47801
|
2024-11-6 04:34 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
308184
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
|
CWE-78
OS Command
|
CVE-2024-51248
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308185
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
|
CWE-78
OS Command
|
CVE-2024-51247
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308186
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
|
CWE-78
OS Command
|
CVE-2024-51245
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308187
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
|
CWE-78
OS Command
|
CVE-2024-51244
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308188
|
- |
|
-
|
-
|
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the paylo…
|
-
|
CVE-2024-48057
|
2024-11-6 03:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308189
|
- |
|
-
|
-
|
Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.…
|
-
|
CVE-2024-30619
|
2024-11-6 03:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308190
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' pa…
|
-
|
CVE-2024-30618
|
2024-11-6 03:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
