101 | 4.3 | MEDIUM, Network | github | enterprise_server | An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was … | Update | CWE-863 Incorrect Authorization | CVE-2024-7711 | 2024-09-28 03:17 | 2024-08-21
102 | 6.5 | MEDIUM, Network | lucasgarcia | posts_reminder | The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | Update | CWE-352 Origin Validation Error | CVE-2024-8093 | 2024-09-28 03:16 | 2024-09-17
103 | - | - | - | - | A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a | New | - | CVE-2024-9301 | 2024-09-28 03:15 | 2024-09-28
104 | - | - | - | - | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: thi… | New | - | CVE-2024-46257 | 2024-09-28 03:15 | 2024-09-28
105 | - | - | - | - | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to achieve RCE via Add Let's Encrypt Certificate. | New | - | CVE-2024-46256 | 2024-09-28 03:15 | 2024-09-28
106 | - | - | - | - | Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the e… | New | CWE-306 Missing Authentication for Critical Function | CVE-2024-39364 | 2024-09-28 03:15 | 2024-09-28
107 | - | - | - | - | Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an … | New | - | CVE-2024-39275 | 2024-09-28 03:15 | 2024-09-28
108 | - | - | - | - | Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP… | New | CWE-79 Cross-site Scripting | CVE-2024-38308 | 2024-09-28 03:15 | 2024-09-28
109 | - | - | - | - | Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of Base64 encoding. | New | CWE-261 Weak Encoding for Password | CVE-2024-37187 | 2024-09-28 03:15 | 2024-09-28
110 | - | - | - | - | Advantech ADAM-5630 shares user credentials in plain text between the device and the user source device during the login process. | New | CWE-261 Weak Encoding for Password | CVE-2024-34542 | 2024-09-28 03:15 | 2024-09-28