|
315091
|
8.8 |
HIGH
Network
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40645
|
2024-09-6 02:09 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315092
|
5.9 |
MEDIUM
Network
|
fogproject
|
fogproject
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the c…
|
CWE-862
Missing Authorization
|
CVE-2024-41108
|
2024-09-6 01:27 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315093
|
7.8 |
HIGH
Local
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable b…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-41954
|
2024-09-6 01:18 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315094
|
7.5 |
HIGH
Network
|
ruby-lang
|
rexml
|
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-41946
|
2024-09-6 01:09 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315095
|
7.2 |
HIGH
Network
|
dell
|
cloudlink
|
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could pote…
|
NVD-CWE-Other
|
CVE-2024-38482
|
2024-09-6 01:04 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315096
|
9.8 |
CRITICAL
Network
|
any1
|
neatvnc
|
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
|
NVD-CWE-noinfo
|
CVE-2024-42458
|
2024-09-6 00:51 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315097
|
5.4 |
MEDIUM
Network
|
metaphorcreations
|
ditty
|
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6710
|
2024-09-6 00:30 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315098
|
8.8 |
HIGH
Network
|
wpsoul
|
greenshift_query_addon
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query a…
|
CWE-89
SQL Injection
|
CVE-2024-43942
|
2024-09-6 00:25 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315099
|
8.8 |
HIGH
Network
|
wpsoul
|
greenshift_woocommerce_addon
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerc…
|
CWE-89
SQL Injection
|
CVE-2024-43943
|
2024-09-6 00:10 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315100
|
8.8 |
HIGH
Network
|
wpmart
|
animated_number_counters
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Num…
|
CWE-22
Path Traversal
|
CVE-2024-43957
|
2024-09-5 23:49 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
