|
306451
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Sof…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43417
|
2024-11-21 00:21 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306452
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.
|
CWE-89
SQL Injection
|
CVE-2024-41679
|
2024-11-21 00:21 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306453
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41678
|
2024-11-21 00:21 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306454
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.
|
CWE-89
SQL Injection
|
CVE-2024-45608
|
2024-11-21 00:20 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306455
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43418
|
2024-11-21 00:20 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306456
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11311
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306457
|
7.5 |
HIGH
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-11310
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306458
|
7.5 |
HIGH
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-11309
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306459
|
5.5 |
MEDIUM
Local
|
trcore
|
dvc
|
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
|
NVD-CWE-Other
|
CVE-2024-11308
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306460
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11315
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
