Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2588 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2587 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2586 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2585 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2584 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28547 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28537 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Published: March 18, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware Published: March 18, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27773 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE Published: March 18, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27772 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE Published: March 18, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27771 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE Published: March 18, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27770 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal Published: March 18, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27769 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices Published: March 18, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27768 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE Published: March 18, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27767 | CWE-287: Improper Authentication may allow Authentication Bypass Published: March 18, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2496 | A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. Published: March 18, 2024; 9:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2002 | A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. Published: March 18, 2024; 9:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28550 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. Published: March 18, 2024; 9:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-7250 | A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service. Published: March 18, 2024; 9:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-20767 | ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. Published: March 18, 2024; 8:15:06 AM -0400 | V3.1: 8.2 HIGH V2.0:(not available) |