2421
|
9.8 |
CRITICAL
Network
codezips
|
online_institute_management_system
|
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argume…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10764
|
2024-11-6 23:44 |
2024-11-5 |
|
|
|
2422
|
7.1 |
HIGH
Local
|
apple
|
iphone_os ipados visionos tvos
|
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted ba…
|
CWE-59
Link Following
|
CVE-2024-44258
|
2024-11-6 23:35 |
2024-10-29 |
|
|
2423
|
8.8 |
HIGH
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgra…
|
CWE-352
Origin Validation Error
|
CVE-2024-31998
|
2024-11-6 23:31 |
2024-11-5 |
|
|
2424
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web-based IT Service Management tool. By filling malicious code in a CSV content, a Cross-site Scripting (XSS) attack can be performed when importing this content. This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31448
|
2024-11-6 23:31 |
2024-11-5 |
|
|
2425
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web-based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9,…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34445
|
2024-11-6 23:29 |
2024-11-5 |
|
|
2426
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web-based IT Service Management tool. When displaying pages/ajax.searchform.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34444
|
2024-11-6 23:28 |
2024-11-5 |
|
|
2427
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web-based IT Service Management tool. When displaying the Run queries page, Cross-site Scripting (XSS) is possible for scripts outside of script tags. This has been fixed in ver…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34443
|
2024-11-6 23:25 |
2024-11-5 |
|
|
2428
|
7.5 |
HIGH
Network
libtiff redhat
|
libtiff enterprise_linux enterprise_linux_server_aus enterprise_linux_for_power_little_endian_eus enterprise_linux_for_arm_64
|
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap sp…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-7006
|
2024-11-6 19:15 |
2024-08-12 |
|
|
|
2429
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field fro…
|
CWE-200
Information Exposure
|
CVE-2024-8553
|
2024-11-6 18:15 |
2024-11-1 |
|
|
2430
|
9.8 |
CRITICAL
Network
redhat
|
satellite
|
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy no…
|
CWE-287
Improper Authentication
|
CVE-2024-7012
|
2024-11-6 18:15 |
2024-09-4 |
|
|
|