|
311951
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43418
|
2024-11-21 00:20 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311952
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11311
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311953
|
7.5 |
HIGH
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-11310
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311954
|
7.5 |
HIGH
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-11309
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311955
|
5.5 |
MEDIUM
Local
|
trcore
|
dvc
|
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
|
NVD-CWE-Other
|
CVE-2024-11308
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311956
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11315
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311957
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11314
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311958
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11313
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311959
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11312
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311960
|
6.1 |
MEDIUM
Network
|
ibphoenix
|
ibwebadmin
|
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11240
|
2024-11-21 00:09 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
