Search Results (120458 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6801 1 Online Student Management System Project 1 Online Student Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.
CVE-2024-6794 1 Ni 1 Veristand 2024-11-21 9.8 Critical
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
CVE-2024-6793 1 Ni 1 Veristand 2024-11-21 9.8 Critical
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
CVE-2024-6791 1 Ni 1 Veristand 2024-11-21 7.8 High
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.
CVE-2024-6759 1 Freebsd 1 Freebsd 2024-11-21 5.3 Medium
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
CVE-2024-6745 1 Code-projects 1 Simple Ticket Booking 2024-11-21 7.3 High
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476.
CVE-2024-6744 1 Cellopoint 1 Secure Email Gateway 2024-11-21 9.8 Critical
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server.
CVE-2024-6743 1 Space Management System Project 1 Space Management System 2024-11-21 9.8 Critical
AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-6742 1 Space Management System Project 1 Space Management System 2024-11-21 5.4 Medium
AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks.
CVE-2024-6741 1 Openfind 1 Mail2000 2024-11-21 5.8 Medium
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
CVE-2024-6740 1 Openfind 1 Mail2000 2024-11-21 6.1 Medium
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
CVE-2024-6739 1 Openfind 2 Mailaudit, Mailgates 2024-11-21 5.3 Medium
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
CVE-2024-6738 1 Wisdomgarden 1 Tronclass 2024-11-21 5.3 Medium
The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
CVE-2024-6737 1 Electronic Official Document Management System Project 1 Electronic Official Document Management System 2024-11-21 8.8 High
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
CVE-2024-6736 1 Oretnom23 1 Employee And Visitor Gate Pass Logging System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.
CVE-2024-6735 1 Angeljudesuarez 1 Tailoring Management System 2024-11-21 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271456.
CVE-2024-6734 1 Angeljudesuarez 1 Tailoring Management System 2024-11-21 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file templateadd.php. The manipulation of the argument title/msg leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271455.
CVE-2024-6733 1 Angeljudesuarez 1 Tailoring Management System 2024-11-21 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file templateedit.php. The manipulation of the argument id/title/msg leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271454 is the identifier assigned to this vulnerability.
CVE-2024-6732 1 Oretnom23 1 Student Study Center Desk Management System 2024-11-21 6.3 Medium
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-6731 1 Oretnom23 1 Student Study Center Desk Management System 2024-11-21 6.3 Medium
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.