Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-34314 |
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25514 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25513 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25511 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25510 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25509 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34517 |
The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. Published: May 07, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34397 |
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Published: May 07, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25512 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. Published: May 07, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25508 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. Published: May 07, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25507 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. Published: May 07, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42757 |
Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s error handling. Published: May 07, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33860 |
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. Published: May 07, 2024; 1:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33859 |
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. Published: May 07, 2024; 1:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33164 |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Published: May 07, 2024; 1:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33161 |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Published: May 07, 2024; 1:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33155 |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Published: May 07, 2024; 1:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33153 |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Published: May 07, 2024; 1:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33149 |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. Published: May 07, 2024; 1:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33148 |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. Published: May 07, 2024; 1:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |