CVE-2024-28595

Public exploit
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-19
Updated
2024-03-19

CVE-2024-27747

Public exploit
File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27746

Public exploit
SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27744

Public exploit
Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27743

Public exploit
Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27612

Public exploit
Numbas editor before 7.3 mishandles editing of themes and extensions.
Max CVSS
N/A
EPSS Score
0.14%
Published
2024-03-08
Updated
2024-03-08

CVE-2024-25832

Public exploit
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29

CVE-2024-25830

Public exploit
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29

CVE-2024-24401

Public exploit
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26

CVE-2024-24050

Public exploit
Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-20
Updated
2024-03-21

CVE-2024-23749

Public exploit
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable. This occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Max CVSS
N/A
EPSS Score
0.08%
Published
2024-02-09
Updated
2024-02-09

CVE-2024-2054

Public exploit
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
Max CVSS
N/A
EPSS Score
0.51%
Published
2024-03-05
Updated
2024-03-21

CVE-2023-38035

Known exploited
Public exploit
A security vulnerability in the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Max CVSS
N/A
EPSS Score
97.24%
Published
2023-08-21
Updated
2023-08-21
CISA KEV Added
2023-08-22

CVE-2022-24989

Public exploit
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
Max CVSS
N/A
EPSS Score
0.32%
Published
2023-08-20
Updated
2023-08-21

CVE-1999-0532

Public exploit
A DNS server allows zone transfers.
Max CVSS
N/A
EPSS Score
97.54%
Published
1997-07-01
Updated
2022-08-17
Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, and limitSpeedUp parameters of the formSetClientState function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
2068 vulnerabilities found