Total
67 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33860 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | |||||
CVE-2024-25975 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal). | |||||
CVE-2024-37295 | 2024-06-13 | N/A | 7.2 HIGH | ||
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue. | |||||
CVE-2024-4818 | 2024-06-04 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939. | |||||
CVE-2024-28826 | 2024-05-29 | N/A | 8.8 HIGH | ||
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | |||||
CVE-2023-36764 | 1 Microsoft | 1 Sharepoint Server | 2024-05-29 | N/A | 8.8 HIGH |
Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
CVE-2023-35308 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-05-29 | N/A | 6.5 MEDIUM |
Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
CVE-2023-21800 | 1 Microsoft | 1 Windows Server 2008 | 2024-05-29 | N/A | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability | |||||
CVE-2023-21566 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-05-29 | N/A | 7.8 HIGH |
Visual Studio Elevation of Privilege Vulnerability | |||||
CVE-2023-36019 | 1 Microsoft | 2 Azure Logic Apps, Power Platform | 2024-05-29 | N/A | 7.4 HIGH |
Microsoft Power Platform Connector Spoofing Vulnerability | |||||
CVE-2023-35384 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 6.5 MEDIUM |
Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
CVE-2023-29324 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 6.5 MEDIUM |
Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
CVE-2024-26185 | 2024-05-29 | N/A | 6.5 MEDIUM | ||
Windows Compressed Folder Tampering Vulnerability | |||||
CVE-2024-2917 | 2024-05-17 | 5.5 MEDIUM | 5.4 MEDIUM | ||
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | |||||
CVE-2024-2155 | 2024-05-17 | 4.0 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587. | |||||
CVE-2024-2150 | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503. | |||||
CVE-2024-0265 | 1 Oretnom23 | 1 Clinic Queuing System | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. | |||||
CVE-2023-4191 | 1 Resort Reservation System Project | 1 Resort Reservation System | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability. | |||||
CVE-2014-125059 | 1 Sternenblog Project | 1 Sternenblog | 2024-05-17 | 4.6 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 0.1.0 is able to address this issue. The identifier of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers. | |||||
CVE-2024-20366 | 2024-05-15 | N/A | 7.8 HIGH | ||
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device. |