Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-1753 | A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. Published: March 18, 2024; 11:15:41 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2599 | File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. Published: March 18, 2024; 10:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2598 | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2597 | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2596 | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2595 | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2594 | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2593 | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2592 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2591 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2590 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2589 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2588 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2587 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2586 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2585 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2584 | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28547 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. Published: March 18, 2024; 10:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28537 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Published: March 18, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware. Published: March 18, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |