1261
|
- |
|
-
|
-
|
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could expl…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-47653
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1262
|
- |
|
-
|
-
|
This vulnerability exists in Shilpi Client Dashboard due to implementation of an inadequate authentication mechanism in the login module wherein access to any user's account is granted with just their co…
|
CWE-308
Use of Single-factor Authentication
|
CVE-2024-47652
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1263
|
- |
|
-
|
-
|
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
|
CWE-202, CWE-311, CWE-312
Exposure of Sensitive Information Through Data Queries; Missing Encryption of Sensitive Data; Cleartext Storage of Sensitive Information
|
CVE-2024-6400
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1264
|
- |
|
-
|
-
|
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by includin…
|
CWE-235
|
CVE-2024-47651
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1265
|
- |
|
-
|
-
|
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.
|
CWE-1390
Weak Authentication
|
CVE-2024-45367
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1266
|
- |
|
-
|
-
|
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute …
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-41925
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1267
|
- |
|
-
|
-
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
|
-
|
CVE-2024-9266
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1268
|
- |
|
-
|
-
|
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
|
-
|
CVE-2024-41596
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1269
|
- |
|
-
|
-
|
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
|
-
|
CVE-2024-41595
|
2024-10-4 22:50 |
2024-10-4 |
|
|
1270
|
- |
|
-
|
-
|
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
|
-
|
CVE-2024-41592
|
2024-10-4 22:50 |
2024-10-4 |
|
|