|
313021
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-23460
|
2024-08-8 06:29 |
2024-08-7 |
|
313022
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscale…
|
CWE-346
Origin Validation Error
|
CVE-2024-23458
|
2024-08-8 06:29 |
2024-08-7 |
|
313023
|
6.5 |
MEDIUM
Network
|
zscaler
|
client_connector
|
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2023-28806
|
2024-08-8 06:29 |
2024-08-7 |
|
313024
|
8.8 |
HIGH
Network
|
datagear
|
datagear
|
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMappe…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2024-7552
|
2024-08-8 06:29 |
2024-08-7 |
|
313025
|
9.8 |
CRITICAL
Network
|
zscaler
|
client_connector
|
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
|
CWE-78
OS Command
|
CVE-2024-23483
|
2024-08-8 06:23 |
2024-08-7 |
|
313026
|
4.9 |
MEDIUM
Network
|
zscaler
|
client_connector
|
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1
|
NVD-CWE-noinfo
|
CVE-2024-23464
|
2024-08-8 06:23 |
2024-08-7 |
|
313027
|
9.8 |
CRITICAL
Network
|
vivotek
|
cc8160_firmware
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulat…
|
CWE-77
Command Injection
|
CVE-2024-7440
|
2024-08-8 06:15 |
2024-08-4 |
|
313028
|
- |
|
novell
|
groupwise groupwise_webaccess
|
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as…
|
NVD-CWE-Other
|
CVE-2005-0296
|
2024-08-8 06:15 |
2005-01-17 |
|
313029
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-300_firmware
|
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-41616
|
2024-08-8 05:54 |
2024-08-7 |
|
313030
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
tourism_management_system
|
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41333
|
2024-08-8 05:54 |
2024-08-7 |