821
|
- |
|
-
|
-
|
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating sy…
|
-
|
CVE-2024-28812
|
2024-10-1 04:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
822
|
- |
|
-
|
-
|
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunct…
|
-
|
CVE-2024-46511
|
2024-10-1 04:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
823
|
7.2 |
HIGH
Network
|
quttera
|
quttera_web_malware_scanner
|
IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks
|
CWE-22
Path Traversal
|
CVE-2023-6222
|
2024-10-1 04:35 |
2023-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
824
|
7.5 |
HIGH
Network
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-45862
|
2024-10-1 04:33 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
825
|
8.8 |
HIGH
Network
|
nozominetworks
|
cmc guardian
|
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality.
Authenticated users may be ab…
|
CWE-89
SQL Injection
|
CVE-2023-2567
|
2024-10-1 04:32 |
2023-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
826
|
8.8 |
HIGH
Network
|
nozominetworks
|
cmc guardian
|
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL stat…
|
CWE-89
SQL Injection
|
CVE-2023-23574
|
2024-10-1 04:30 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
827
|
7.5 |
HIGH
Network
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-45861
|
2024-10-1 04:25 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
828
|
- |
|
-
|
-
|
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
|
-
|
CVE-2024-28811
|
2024-10-1 04:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
829
|
9.8 |
CRITICAL
Network
-
|
-
|
Rejected reason: Duplicate of CVE-2024-45806.
|
-
|
CVE-2024-7207
|
2024-10-1 04:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
830
|
9.8 |
CRITICAL
Network
github
|
enterprise_server
|
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation met…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-6800
|
2024-10-1 04:14 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|