CVE-2023-37395 - IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
11/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-37395
Partager : LinkedIn / Twitter / Facebook
CVE-2024-35117 - IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
11/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-35117
Partager : LinkedIn / Twitter / Facebook
CVE-2024-55655 - sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified *if* a source of signed time (such as an inclusion promise) is present, but is otherwise trusted if no source of signed time is present. This does not affect "v1" bundles, as the "v1" bundle format always requires an inclusion promise.
Sigstore uses signed time to support verification of signatures made against short-lived signing keys. The impact and severity of this weakness is *low*, as Sigstore contains multiple other enforcing components that prevent an attacker who modifies the integration timestamp within a bundle from impersonating a valid signature. In particular, an attacker who modifies the integration timestamp can induce a Denial of Service, but in no different manner than already possible with bundle access (e.g. modifying the signature itself such that it fails to verify). Separately, an attacker could upload a *new* entry to the transparency service, and substitute their new entry's time. However, this would still be rejected at validation time, as the new entry's (valid) signed time would be outside the validity window of the original signing certificate and would nonetheless render the attacker auditable.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-55655
Partager : LinkedIn / Twitter / Facebook
CVE-2024-55653 - PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-55653
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54133 - Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-54133
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53960 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53960
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53959 - Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53959
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53958 - Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53958
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53957 - Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53957
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53956 - Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53956
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53955 - Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53955
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53006 - Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53006
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53005 - Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53005
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53004 - Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53004
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53003 - Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53003
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53002 - Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53002
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53001 - Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53001
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53000 - Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-53000
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52999 - Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52999
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52993 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52993
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52992 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52992
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52991 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52991
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52865 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52865
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52864 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52864
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52862 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52862
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52861 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52861
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52860 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. User interaction is required for exploitation, as a victim must visit a malicious link or input data into a vulnerable web application.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52860
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52859 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52859
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52858 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52858
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52857 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52857
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52855 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52855
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52854 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52854
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52853 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52853
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52852 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52852
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52851 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52851
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52850 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52850
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52849 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52849
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52848 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52848
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52847 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52847
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52846 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52846
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52845 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52845
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52844 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52844
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52843 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52843
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52842 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52842
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52841 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52841
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52840 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input the malicious data themselves.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52840
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52839 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52839
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52838 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52838
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52837 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input for the exploit to execute.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52837
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52836 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52836
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52835 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52835
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52834 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52834
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52833 - Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52833
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52832 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52832
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52831 - Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52831
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52830 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52830
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52829 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52829
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52828 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52828
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52827 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52827
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52826 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52826
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52825 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52825
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52824 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52824
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52823 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52823
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52822 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52822
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52818 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52818
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52817 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52817
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52816 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-52816
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43755 - Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43755
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43754 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43754
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43752 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43752
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43751 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43751
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43750 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43750
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43749 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43749
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43748 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43748
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43747 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43747
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43746 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43746
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43745 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43745
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43744 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43744
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43743 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43743
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43742 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43742
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43740 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43740
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43739 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43739
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43738 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application and subsequently written to the web page without proper sanitization, allowing for the execution of unintended script code or the alteration of the intended user interface. User interaction is required as the victim must visit a malicious page or view a maliciously crafted link.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43738
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43737 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43737
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43736 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43736
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43735 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43735
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43734 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43734
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43733 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43733
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43732 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43732
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43731 - Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43731
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43730 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43730
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43729 - Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43729
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43728 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43728
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43727 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43727
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43726 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43726
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43725 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43725
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43724 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. Exploitation of this issue requires user interaction.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43724
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43723 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or page.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43723
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43722 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43722
Partager : LinkedIn / Twitter / Facebook
CVE-2024-43721 - Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page.
10/12/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43721
Partager : LinkedIn / Twitter / Facebook
Soutenez No Hack Me sur Tipeee
Les annonces ayant été modifiées dernièrement
CVE-2024-45676 - IBM Cognos Controller 11.0.0 and 11.0.1
could allow an authenticated user to upload insecure files, due to insufficient file type distinction.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45676
Partager : LinkedIn / Twitter / Facebook
CVE-2024-41777 - IBM Cognos Controller 11.0.0 and 11.0.1
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41777
Partager : LinkedIn / Twitter / Facebook
CVE-2024-41776 - IBM Cognos Controller 11.0.0 and 11.0.1
is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41776
Partager : LinkedIn / Twitter / Facebook
CVE-2024-41775 - IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41775
Partager : LinkedIn / Twitter / Facebook
CVE-2024-25020 - IBM Cognos Controller 11.0.0 and 11.0.1
is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25020
Partager : LinkedIn / Twitter / Facebook
CVE-2024-40691 - IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40691
Partager : LinkedIn / Twitter / Facebook
CVE-2024-25036 - IBM Cognos Controller 11.0.0 and 11.0.1
could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25036
Partager : LinkedIn / Twitter / Facebook
CVE-2024-25035 - IBM Cognos Controller 11.0.0 and 11.0.1
exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25035
Partager : LinkedIn / Twitter / Facebook
CVE-2024-25019 - IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25019
Partager : LinkedIn / Twitter / Facebook
CVE-2021-29892 - IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2021-29892
Partager : LinkedIn / Twitter / Facebook
CVE-2024-10074 - in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.
11/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-10074
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54151 - Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54151
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54935 - A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54935
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54920 - A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54920
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54919 - A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54919
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54937 - A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54937
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54936 - A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54936
Partager : LinkedIn / Twitter / Facebook
CVE-2024-54929 - KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-54929
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12360 - A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12360
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12359 - A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12359
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12358 - A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12358
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12357 - A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12357
Partager : LinkedIn / Twitter / Facebook
CVE-2024-55580 - An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-55580
Partager : LinkedIn / Twitter / Facebook
CVE-2024-55579 - An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-55579
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12355 - A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12355
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12354 - A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12354
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12353 - A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12353
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12352 - A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12352
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12344 - A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12344
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12343 - A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12343
Partager : LinkedIn / Twitter / Facebook
CVE-2024-11010 - The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-11010
Partager : LinkedIn / Twitter / Facebook
CVE-2024-41647 - Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41647
Partager : LinkedIn / Twitter / Facebook
CVE-2024-52324 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-52324
Partager : LinkedIn / Twitter / Facebook
CVE-2024-48874 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-48874
Partager : LinkedIn / Twitter / Facebook
CVE-2024-47791 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-47791
Partager : LinkedIn / Twitter / Facebook
CVE-2024-47146 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-47146
Partager : LinkedIn / Twitter / Facebook
CVE-2024-46874 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-46874
Partager : LinkedIn / Twitter / Facebook
CVE-2024-45722 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45722
Partager : LinkedIn / Twitter / Facebook
CVE-2024-51727 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-51727
Partager : LinkedIn / Twitter / Facebook
CVE-2024-48703 - PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-48703
Partager : LinkedIn / Twitter / Facebook
CVE-2024-47547 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-47547
Partager : LinkedIn / Twitter / Facebook
CVE-2024-47043 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-47043
Partager : LinkedIn / Twitter / Facebook
CVE-2024-42494 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-42494
Partager : LinkedIn / Twitter / Facebook
CVE-2024-55268 - A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-55268
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53142 - In the Linux kernel, the following vulnerability has been resolved:
initramfs: avoid filename buffer overrun
The initramfs filename field is defined in
Documentation/driver-api/early-userspace/buffer-format.rst as:
37 cpio_file := ALGN(4) + cpio_header + filename + "" + ALGN(4) + data
...
55 ============= ================== =========================
56 Field name Field size Meaning
57 ============= ================== =========================
...
70 c_namesize 8 bytes Length of filename, including final
When extracting an initramfs cpio archive, the kernel's do_name() path
handler assumes a zero-terminated path at @collected, passing it
directly to filp_open() / init_mkdir() / init_mknod().
If a specially crafted cpio entry carries a non-zero-terminated filename
and is followed by uninitialized memory, then a file may be created with
trailing characters that represent the uninitialized memory. The ability
to create an initramfs entry would imply already having full control of
the system, so the buffer overrun shouldn't be considered a security
vulnerability.
Append the output of the following bash script to an existing initramfs
and observe any created /initramfs_test_fname_overrunAA* path. E.g.
./reproducer.sh | gzip >> /myinitramfs
It's easiest to observe non-zero uninitialized memory when the output is
gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(),
rather than the initrd_start+initrd_size block.
---- reproducer.sh ----
nilchar="A" # change to "" to properly zero terminate / pad
magic="070701"
ino=1
mode=$(( 0100777 ))
uid=0
gid=0
nlink=1
mtime=1
filesize=0
devmajor=0
devminor=1
rdevmajor=0
rdevminor=0
csum=0
fname="initramfs_test_fname_overrun"
namelen=$(( $ + 1 )) # plus one to account for terminator
printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \
$magic $ino $mode $uid $gid $nlink $mtime $filesize \
$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname
termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))
printf "%.s${nilchar}" $(seq 1 $termpadlen)
---- reproducer.sh ----
Symlink filename fields handled in do_symlink() won't overrun past the
data segment, due to the explicit zero-termination of the symlink
target.
Fix filename buffer overrun by aborting the initramfs FSM if any cpio
entry doesn't carry a zero-terminator at the expected (name_len - 1)
offset.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-53142
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53141 - In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add missing range check in bitmap_ip_uadt
When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs.
So we should add missing range checks and remove unnecessary range checks.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-53141
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53457 - A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-53457
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12234 - A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12234
Partager : LinkedIn / Twitter / Facebook
CVE-2024-12233 - A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-12233
Partager : LinkedIn / Twitter / Facebook
CVE-2024-53471 - Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.
10/12/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-53471
Partager : LinkedIn / Twitter / Facebook