|
317411
|
7.5 |
HIGH
Network
|
avtecinc
|
outpost_uploader_utility
outpost_0810_firmware
|
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
|
CWE-219
Storage of File with Sensitive Data Under Web Root
|
CVE-2024-39776
|
2024-09-5 03:25 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317412
|
7.5 |
HIGH
Network
|
avtecinc
|
outpost_uploader_utility
outpost_0810_firmware
|
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2024-42418
|
2024-09-5 03:22 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317413
|
9.8 |
CRITICAL
Network
|
angeljudesuarez
|
e-commerce_website
|
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulat…
|
CWE-89
SQL Injection
|
CVE-2024-8139
|
2024-09-5 03:02 |
2024-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317414
|
8.1 |
HIGH
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in wit…
|
CWE-287
Improper Authentication
|
CVE-2024-7745
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317415
|
6.5 |
MEDIUM
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Pr…
|
CWE-22
Path Traversal
|
CVE-2024-7744
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317416
|
5.4 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.
|
NVD-CWE-noinfo
|
CVE-2024-39837
|
2024-09-5 02:38 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317417
|
8.8 |
HIGH
Network
|
easytest_online_test_platform_project
|
easytest_online_test_platform
|
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
|
CWE-89
SQL Injection
|
CVE-2024-7871
|
2024-09-5 02:34 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317418
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a…
|
NVD-CWE-noinfo
|
CVE-2024-39839
|
2024-09-5 02:34 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317419
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as f…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45046
|
2024-09-5 02:32 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317420
|
6.5 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker t…
|
CWE-611
XXE
|
CVE-2024-45048
|
2024-09-5 02:27 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
