|
313391
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device…
|
CWE-78
OS Command
|
CVE-2024-11120
|
2024-11-15 11:15 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313392
|
9.1 |
CRITICAL
Network
|
paloaltonetworks
|
expedition
|
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, a…
|
CWE-89
SQL Injection
|
CVE-2024-9465
|
2024-11-15 11:00 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313393
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
expedition
|
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cle…
|
CWE-78
OS Command
|
CVE-2024-9463
|
2024-11-15 11:00 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313394
|
5.4 |
MEDIUM
Network
|
ladybirdweb
|
faveo_helpdesk
|
An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields
|
CWE-79
Cross-site Scripting
|
CVE-2024-51377
|
2024-11-15 08:23 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313395
|
9.8 |
CRITICAL
Network
|
olivegroup
|
olivevle
|
An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-48428
|
2024-11-15 08:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313396
|
7.5 |
HIGH
Network
|
plenti
|
plenti
|
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti use…
|
CWE-22
Path Traversal
|
CVE-2024-49381
|
2024-11-15 08:04 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313397
|
8.8 |
HIGH
Network
|
autolabproject
|
autolab
|
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient…
|
CWE-863
Incorrect Authorization
|
CVE-2024-49376
|
2024-11-15 07:49 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313398
|
9.8 |
CRITICAL
Network
|
vice
|
webopac
|
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2024-11016
|
2024-11-15 06:53 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313399
|
9.8 |
CRITICAL
Network
|
matrixcomsec
|
cosec_vega_faxq_firmware
|
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vu…
|
NVD-CWE-Other
|
CVE-2024-10381
|
2024-11-15 06:44 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313400
|
5.9 |
MEDIUM
Network
|
ibm
|
txseries_for_multiplatforms
|
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the …
|
NVD-CWE-noinfo
|
CVE-2024-41738
|
2024-11-15 05:51 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
