Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-3039 | A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: March 28, 2024; 11:15:48 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31140 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools. Published: March 28, 2024; 11:15:48 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31139 | In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector. Published: March 28, 2024; 11:15:48 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31138 | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings. Published: March 28, 2024; 11:15:47 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31137 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration. Published: March 28, 2024; 11:15:47 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31136 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter. Published: March 28, 2024; 11:15:47 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31135 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page. Published: March 28, 2024; 11:15:47 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31134 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30612 | Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30604 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30603 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30602 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30601 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30600 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30599 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30598 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30597 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-0259 | Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges. Published: March 28, 2024; 11:15:46 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2023-45715 | The console may experience a service interruption when processing file names with invalid characters. Published: March 28, 2024; 11:15:45 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2023-45706 | An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. Published: March 28, 2024; 11:15:45 AM -0400 | V3.x: (not available) V2.0: (not available) |