|
318391
|
6.3 |
MEDIUM
Network
|
youdiancms
|
youdiancms
|
A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation o…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-7330
|
2024-08-24 01:12 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318392
|
8.8 |
HIGH
Network
|
lopalopa
|
music_management_system
|
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-42780
|
2024-08-24 01:10 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318393
|
8.8 |
HIGH
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-sid…
|
CWE-352
Origin Validation Error
|
CVE-2024-40886
|
2024-08-24 01:09 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318394
|
8.8 |
HIGH
Network
|
lopalopa
|
music_management_system
|
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-42779
|
2024-08-24 01:09 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318395
|
9.8 |
CRITICAL
Network
|
lopalopa
|
music_management_system
|
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a craf…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-42777
|
2024-08-24 01:09 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318396
|
5.3 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-42411
|
2024-08-24 01:04 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318397
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any …
|
NVD-CWE-Other
|
CVE-2024-43813
|
2024-08-24 00:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318398
|
- |
|
-
|
-
|
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.
|
-
|
CVE-2024-42564
|
2024-08-24 00:35 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318399
|
9.8 |
CRITICAL
Network
|
d3dsecurity
|
d8801_firmware
|
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
|
NVD-CWE-noinfo
|
CVE-2024-41623
|
2024-08-24 00:35 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318400
|
- |
|
-
|
-
|
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType pa…
|
-
|
CVE-2024-40487
|
2024-08-24 00:35 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
