Total
6047 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3178 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. | |||||
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
| CVE-2011-1830 | 1 Ekiga | 1 Ekiga | 2024-11-21 | 6.8 MEDIUM | 5.7 MEDIUM |
| Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. | |||||
| CVE-2024-11240 | 1 Ibphoenix | 1 Ibwebadmin | 2024-11-20 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11246 | 1 Anisha | 1 Farmacia | 2024-11-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well. | |||||
| CVE-2024-11247 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-11-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-11259 | 1 Code-projects | 1 Farmacia | 2024-11-19 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-49048 | 1 Microsoft | 1 Torchgeo | 2024-11-18 | N/A | 8.1 HIGH |
| TorchGeo Remote Code Execution Vulnerability | |||||
| CVE-2024-11102 | 1 Mayurik | 1 Hospital Management System | 2024-11-18 | 4.0 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-11175 | 1 Publiccms | 1 Publiccms | 2024-11-15 | 4.0 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-11130 | 1 Zzcms | 1 Zzcms | 2024-11-15 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10958 | 1 Wppa | 1 Wp Photo Album Plus | 2024-11-14 | N/A | 7.3 HIGH |
| The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-10263 | 1 Tickera | 1 Tickera | 2024-11-08 | N/A | 7.3 HIGH |
| The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-47826 | 1 Elabftw | 1 Elabftw | 2024-11-08 | N/A | 6.1 MEDIUM |
| eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show mode), "database.php" (show mode) or "search.php". It works by providing HTML code in the extended search string, which will then be displayed back to the user in the error message. This means that injected HTML will appear in a red "alert/danger" box, and be part of an error message. Due to some other security measures, it is not possible to execute arbitrary javascript from this attack. As such, this attack is deemed low impact. Users should upgrade to at least version 5.1.5 to receive a patch. No known workarounds are available. | |||||
| CVE-2024-51329 | 1 Idrsdev | 1 Agile-board | 2024-11-06 | N/A | 8.8 HIGH |
| A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. | |||||
| CVE-2024-47158 | 1 Neumann | 1 N-line | 2024-11-06 | N/A | 5.4 MEDIUM |
| N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website. | |||||
| CVE-2024-10505 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-06 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9846 | 1 Aftabhusain | 1 Enable Shortcodes Inside Widgets\,comments And Experts | 2024-11-06 | N/A | 7.3 HIGH |
| The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-37846 | 1 Radixiot | 1 Mango | 2024-11-05 | N/A | 4.6 MEDIUM |
| MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. | |||||
| CVE-2024-37845 | 1 Radixiot | 1 Mango | 2024-11-04 | N/A | 7.2 HIGH |
| MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. | |||||