|
313221
|
8.8 |
HIGH
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgra…
|
CWE-352
Origin Validation Error
|
CVE-2024-31998
|
2024-11-6 23:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313222
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31448
|
2024-11-6 23:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313223
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9,…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34445
|
2024-11-6 23:29 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313224
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34444
|
2024-11-6 23:28 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313225
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in ver…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34443
|
2024-11-6 23:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313226
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field fro…
|
CWE-200
Information Exposure
|
CVE-2024-8553
|
2024-11-6 18:15 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313227
|
9.8 |
CRITICAL
Network
|
redhat
|
satellite
|
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy no…
|
CWE-287
Improper Authentication
|
CVE-2024-7012
|
2024-11-6 18:15 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313228
|
- |
|
-
|
-
|
Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.
|
-
|
CVE-2024-34681
|
2024-11-6 12:15 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313229
|
5.5 |
MEDIUM
Local
|
apple
|
macos
ipados
iphone_os
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPad…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-44205
|
2024-11-6 07:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313230
|
- |
|
-
|
-
|
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
|
-
|
CVE-2024-45366
|
2024-11-6 07:35 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
