|
316511
|
- |
|
-
|
-
|
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.
|
-
|
CVE-2024-42564
|
2024-08-24 00:35 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316512
|
9.8 |
CRITICAL
Network
|
d3dsecurity
|
d8801_firmware
|
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
|
NVD-CWE-noinfo
|
CVE-2024-41623
|
2024-08-24 00:35 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316513
|
- |
|
-
|
-
|
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType pa…
|
-
|
CVE-2024-40487
|
2024-08-24 00:35 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316514
|
- |
|
-
|
-
|
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux k…
|
-
|
CVE-2023-50810
|
2024-08-24 00:35 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316515
|
7.2 |
HIGH
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to …
|
NVD-CWE-Other
|
CVE-2024-8071
|
2024-08-24 00:34 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316516
|
6.5 |
MEDIUM
Network
|
ibm
|
openpages_with_watson
openpages_grc_platform
|
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-35151
|
2024-08-24 00:32 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316517
|
5.9 |
MEDIUM
Network
|
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2024-39746
|
2024-08-24 00:25 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316518
|
7.5 |
HIGH
Network
|
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-39745
|
2024-08-24 00:25 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316519
|
4.3 |
MEDIUM
Network
|
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fro…
|
CWE-352
Origin Validation Error
|
CVE-2024-39744
|
2024-08-24 00:25 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316520
|
5.3 |
MEDIUM
Network
|
youdiancms
|
youdiancms
|
A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to informati…
|
NVD-CWE-noinfo
|
CVE-2024-7328
|
2024-08-24 00:25 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
