|
313331
|
- |
|
-
|
-
|
SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add…
|
-
|
CVE-2021-27701
|
2024-11-19 04:35 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313332
|
- |
|
-
|
-
|
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify us…
|
-
|
CVE-2021-27700
|
2024-11-19 04:35 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313333
|
8.8 |
HIGH
Network
|
microsoft
|
sql_server_2016
sql_server_2017
sql_server_2019
|
SQL Server Native Client Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-38255
|
2024-11-19 04:35 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313334
|
- |
|
-
|
-
|
In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution o…
|
-
|
CVE-2024-49593
|
2024-11-19 04:35 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313335
|
8.8 |
HIGH
Network
|
isellerpal
|
enterprise_resource_management_system
|
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPost…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-42676
|
2024-11-19 04:15 |
2024-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313336
|
3.3 |
LOW
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
udf: refactor inode_bmap() to handle error
Refactor inode_bmap() to handle error since udf_next_aext() can return
error now. On s…
|
NVD-CWE-noinfo
|
CVE-2024-50211
|
2024-11-19 04:04 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313337
|
5.4 |
MEDIUM
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the comprom…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11021
|
2024-11-19 04:00 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313338
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2024-11020
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313339
|
6.1 |
MEDIUM
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11019
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313340
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11018
|
2024-11-19 03:59 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
