Часть #2

Часть #2

🤖 PosiDev prepost bot

121. 🐛 CVE-2024-1926

🚨 Severity - 6.3
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability.
Полезные ссылки:
nan

122. 🐛 CVE-2024-1954

🚨 Severity - 6.3
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Полезные ссылки:
nan

123. 🐛 CVE-2024-0560

🚨 Severity - 6.3
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.
Полезные ссылки:
Ссылка на фикс/issue

124. 🐛 CVE-2023-7106

🚨 Severity - 6.3
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249001 was assigned to this vulnerability.
Полезные ссылки:
nan

125. 🐛 CVE-2024-1927

🚨 Severity - 6.3
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254863.
Полезные ссылки:
nan

126. 🐛 CVE-2024-2021

🚨 Severity - 6.3
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Полезные ссылки:
nan

127. 🐛 CVE-2024-2022

🚨 Severity - 6.3
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Полезные ссылки:
nan

128. 🐛 CVE-2024-2067

🚨 Severity - 6.3
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.
Полезные ссылки:
nan

129. 🐛 CVE-2024-2069

🚨 Severity - 6.3
A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255384.
Полезные ссылки:
nan

130. 🐛 CVE-2024-2073

🚨 Severity - 6.3
A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388.
Полезные ссылки:
nan

131. 🐛 CVE-2024-2074

🚨 Severity - 6.3
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.
Полезные ссылки:
nan

132. 🐛 CVE-2024-2077

🚨 Severity - 6.3
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255393 was assigned to this vulnerability.
Полезные ссылки:
nan

133. 🐛 CVE-2024-2148

🚨 Severity - 6.3
A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255501 was assigned to this vulnerability.
Полезные ссылки:
nan

134. 🐛 CVE-2024-2153

🚨 Severity - 6.3
A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability.
Полезные ссылки:
nan

135. 🐛 CVE-2024-2154

🚨 Severity - 6.3
A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255586 is the identifier assigned to this vulnerability.
Полезные ссылки:
nan

136. 🐛 CVE-2024-2156

🚨 Severity - 6.3
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255588.
Полезные ссылки:
nan

137. 🐛 CVE-2023-48682

🚨 Severity - 6.1
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
Полезные ссылки:
nan

138. 🐛 CVE-2024-1932

🚨 Severity - 6.1
Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout
Полезные ссылки:
nan

139. 🐛 CVE-2023-6923

🚨 Severity - 6.1
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Полезные ссылки:
nan

140. 🐛 CVE-2024-0590

🚨 Severity - 6.1
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Полезные ссылки:
nan

141. 🐛 CVE-2024-0821

🚨 Severity - 6.1
The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Полезные ссылки:
nan

142. 🐛 CVE-2024-1619

🚨 Severity - 6.1
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.
Полезные ссылки:
nan

143. 🐛 CVE-2023-6917

🚨 Severity - 6.0
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Полезные ссылки:
nan

144. 🐛 CVE-2023-37495

🚨 Severity - 5.9
Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html .
Полезные ссылки:
nan

145. 🐛 CVE-2023-6565

🚨 Severity - 5.9
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
Полезные ссылки:
nan

146. 🐛 CVE-2024-1434

🚨 Severity - 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS.This issue affects Media Alt Renamer: from n/a through 0.0.1.
Полезные ссылки:
nan

147. 🐛 CVE-2024-23501

🚨 Severity - 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through 5.788.
Полезные ссылки:
nan

148. 🐛 CVE-2024-23492

🚨 Severity - 5.7
A weak encoding is used to transmit credentials for WS203VICM.
Полезные ссылки:
nan

149. 🐛 CVE-2024-1920

🚨 Severity - 5.6
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key
. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.
Полезные ссылки:
nan

Report Page