|
312241
|
- |
|
-
|
-
|
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" in…
|
-
|
CVE-2024-37728
|
2024-09-12 00:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312242
|
4.4 |
MEDIUM
Local
|
avaya
|
aura_system_manager
|
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the sys…
|
NVD-CWE-noinfo
|
CVE-2024-7480
|
2024-09-12 00:03 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312243
|
6.7 |
MEDIUM
Local
|
avaya
|
aura_system_manager
|
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager databas…
|
CWE-89
SQL Injection
|
CVE-2024-7477
|
2024-09-12 00:03 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312244
|
8.8 |
HIGH
Network
|
e-bmsoft
|
bmplanning
|
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parame…
|
CWE-89
SQL Injection
|
CVE-2024-28298
|
2024-09-11 23:54 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312245
|
9.6 |
CRITICAL
Network
|
monkeytype
|
monkeytype
|
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attac…
|
CWE-94
Code Injection
|
CVE-2024-41127
|
2024-09-11 23:52 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312246
|
8.8 |
HIGH
Network
|
dlink
|
di-8100_firmware
|
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd …
|
CWE-77
Command Injection
|
CVE-2024-7436
|
2024-09-11 23:41 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312247
|
4.3 |
MEDIUM
Network
|
simplemachines
|
simple_machines_forum
|
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=sho…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7438
|
2024-09-11 23:39 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312248
|
4.3 |
MEDIUM
Network
|
simplemachines
|
simple_machines_forum
|
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the co…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7437
|
2024-09-11 23:39 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312249
|
9.1 |
CRITICAL
Network
|
ibm
|
planning_analytics_workspace
planning_analytics_local
|
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-35143
|
2024-09-11 23:34 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312250
|
6.1 |
MEDIUM
Network
|
ai3
|
qbibot
|
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7204
|
2024-09-11 23:23 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
