Search Results (363915 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6802 1 Computer Laboratory Management System Project 1 Computer Laboratory Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-6801 1 Online Student Management System Project 1 Online Student Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.
CVE-2024-6794 1 Ni 1 Veristand 2024-11-21 9.8 Critical
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
CVE-2024-6793 1 Ni 1 Veristand 2024-11-21 9.8 Critical
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
CVE-2024-6791 1 Ni 1 Veristand 2024-11-21 7.8 High
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.
CVE-2024-6760 1 Freebsd 1 Freebsd 2024-11-21 7.5 High
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
CVE-2024-6759 1 Freebsd 1 Freebsd 2024-11-21 5.3 Medium
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
CVE-2024-6746 2 Easyspider, Microsoft 2 Easyspider, Windows 2024-11-21 4.3 Medium
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet".
CVE-2024-6745 1 Code-projects 1 Simple Ticket Booking 2024-11-21 7.3 High
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476.
CVE-2024-6744 1 Cellopoint 1 Secure Email Gateway 2024-11-21 9.8 Critical
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server.
CVE-2024-6743 1 Space Management System Project 1 Space Management System 2024-11-21 9.8 Critical
AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-6742 1 Space Management System Project 1 Space Management System 2024-11-21 5.4 Medium
AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks.
CVE-2024-6741 1 Openfind 1 Mail2000 2024-11-21 5.8 Medium
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
CVE-2024-6740 1 Openfind 1 Mail2000 2024-11-21 6.1 Medium
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
CVE-2024-6739 1 Openfind 2 Mailaudit, Mailgates 2024-11-21 5.3 Medium
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
CVE-2024-6738 1 Wisdomgarden 1 Tronclass 2024-11-21 5.3 Medium
The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
CVE-2024-6737 1 Electronic Official Document Management System Project 1 Electronic Official Document Management System 2024-11-21 8.8 High
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
CVE-2024-6736 1 Oretnom23 1 Employee And Visitor Gate Pass Logging System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.
CVE-2024-6735 1 Angeljudesuarez 1 Tailoring Management System 2024-11-21 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271456.
CVE-2024-6734 1 Angeljudesuarez 1 Tailoring Management System 2024-11-21 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file templateadd.php. The manipulation of the argument title/msg leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271455.