CVE List - 2024 / August

Showing 1801 - 1900 of 2898 CVEs for August 2024 (Page 19 of 29)

CVE ID Date Title
CVE-2024-7925 2024-08-19 ZZCMS eginfo.php information disclosure
CVE-2024-7592 2024-08-19 Quadratic complexity parsing cookies with backslashes
CVE-2024-43311 2024-08-19 WordPress Login As Users plugin <= 1.4.2 - Broken Authentication vulnerability
CVE-2024-43317 2024-08-19 WordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43326 2024-08-19 WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability
CVE-2024-43328 2024-08-19 WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability
CVE-2024-43345 2024-08-19 WordPress Landing Page Builder plugin <= 1.5.2.0 - Local File Inclusion vulnerability
CVE-2024-43354 2024-08-19 WordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerability
CVE-2024-7926 2024-08-19 ZZCMS about_edit.php path traversal
CVE-2024-7927 2024-08-19 ZZCMS class.php path traversal
CVE-2024-7928 2024-08-19 FastAdmin lang path traversal
CVE-2024-7929 2024-08-19 SourceCodester Simple Forum Website Signup Page registration.php cross site scripting
CVE-2024-7930 2024-08-19 SourceCodester Clinics Patient Management System get_packings.php sql injection
CVE-2024-7931 2024-08-19 SourceCodester Online Graduate Tracer System view_csprofile.php sql injection
CVE-2024-4785 2024-08-19 BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
CVE-2024-7933 2024-08-19 itsourcecode Project Expense Monitoring System Backend Login login1.php sql injection
CVE-2024-7934 2024-08-19 itsourcecode Project Expense Monitoring System execute.php sql injection
CVE-2024-7935 2024-08-19 itsourcecode Project Expense Monitoring System print.php sql injection
CVE-2024-7305 2024-08-19 DWF Vulnerability in Autodesk Desktop Software
CVE-2024-7936 2024-08-19 itsourcecode Project Expense Monitoring System transferred_report.php sql injection
CVE-2024-30949 2024-08-20 An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.
CVE-2024-31842 2024-08-20 An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be...
CVE-2024-33872 2024-08-20 Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.
CVE-2024-35540 2024-08-20 A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-42552 2024-08-20 Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php.
CVE-2024-42553 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42554 2024-08-20 Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
CVE-2024-42555 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42556 2024-08-20 Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.
CVE-2024-42557 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42558 2024-08-20 Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.
CVE-2024-42559 2024-08-20 An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.
CVE-2024-42560 2024-08-20 A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted...
CVE-2024-42561 2024-08-20 Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php.
CVE-2024-42562 2024-08-20 Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.
CVE-2024-42563 2024-08-20 An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2024-42564 2024-08-20 ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.
CVE-2024-42565 2024-08-20 ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.
CVE-2024-42566 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php
CVE-2024-42567 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
CVE-2024-42568 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
CVE-2024-42569 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
CVE-2024-42570 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.
CVE-2024-42571 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
CVE-2024-42572 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.
CVE-2024-42574 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
CVE-2024-42575 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
CVE-2024-42576 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42577 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42578 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42579 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42580 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42581 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42582 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42583 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42585 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42586 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42598 2024-08-20 SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write...
CVE-2024-42603 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
CVE-2024-42604 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
CVE-2024-42605 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
CVE-2024-42606 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1
CVE-2024-42607 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
CVE-2024-42608 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
CVE-2024-42609 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
CVE-2024-42610 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
CVE-2024-42611 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
CVE-2024-42612 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
CVE-2024-42613 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
CVE-2024-42617 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
CVE-2024-42618 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
CVE-2024-42619 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
CVE-2024-42621 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
CVE-2024-42919 2024-08-20 eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.
CVE-2024-43688 2024-08-20 cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023...
CVE-2024-34458 2024-08-20 Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.
CVE-2024-39094 2024-08-20 Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
CVE-2024-42006 2024-08-20 Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.
CVE-2024-42573 2024-08-20 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.
CVE-2024-42584 2024-08-20 A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42616 2024-08-20 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics
CVE-2024-42662 2024-08-20 An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
CVE-2024-7937 2024-08-20 itsourcecode Project Expense Monitoring System printtransfer.php sql injection
CVE-2024-7942 2024-08-20 SourceCodester Leads Manager Tool update-leads.php cross site scripting
CVE-2024-7943 2024-08-20 itsourcecode Laravel Property Management System PropertiesController.php upload unrestricted upload
CVE-2024-7944 2024-08-20 itsourcecode Laravel Property Management System DocumentsController.php UpdateDocumentsRequest unrestricted upload
CVE-2024-7945 2024-08-20 itsourcecode Laravel Property Management System Notes Page create cross site scripting
CVE-2024-7946 2024-08-20 itsourcecode Online Blood Bank Management System User Signup register.php sql injection
CVE-2024-7947 2024-08-20 SourceCodester Point of Sales and Inventory Management System login.php sql injection
CVE-2024-7948 2024-08-20 SourceCodester Accounts Manager App Update Account Page update-account.php cross site scripting
CVE-2024-7949 2024-08-20 SourceCodester Online Graduate Tracer System fetch_genderit.php sql injection
CVE-2024-7850 2024-08-20 BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-5941 2024-08-20 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion
CVE-2024-5932 2024-08-20 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution
CVE-2024-5939 2024-08-20 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure
CVE-2024-7827 2024-08-20 Shopping Cart & eCommerce Store <= 5.7.2 - Authenticated (Contributor+) SQL Injection via model_number Parameter
CVE-2024-5940 2024-08-20 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update
CVE-2024-7702 2024-08-20 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function
CVE-2024-7775 2024-08-20 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
CVE-2024-7777 2024-08-20 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion