Total
8766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1431 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1435 | 2024-08-01 | 5.3 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.6. | ||||
| CVE-2024-1405 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1098 | 1 Ruifang-tech | 1 Rebuild | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455. | ||||
| CVE-2024-1033 | 1 Openbi Project | 1 Openbi | 2024-08-01 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308. | ||||
| CVE-2024-0717 | 1 Dlink | 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more | 2024-08-01 | 5.3 Medium |
| A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0569 | 1 Totolink | 2 T8, T8 Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability. | ||||
| CVE-2024-0490 | 1 Huaxiaerp | 1 Huaxia Erp | 2024-08-01 | 5.3 Medium |
| A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595. | ||||
| CVE-2024-0242 | 1 Johnsoncontrols | 4 Qolsys Iq4 Hub, Qolsys Iq4 Hub Firmware, Qolsys Iq Panel 4 and 1 more | 2024-08-01 | 7.3 High |
| Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | ||||
| CVE-1999-1462 | 1 Bb4 | 1 Big Brother | 2024-08-01 | N/A |
| Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files. | ||||
| CVE-1999-1136 | 1 Hp | 2 Hp-ux, Mpe Ix | 2024-08-01 | N/A |
| Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. | ||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | ||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2024-08-01 | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | ||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2024-08-01 | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | ||||
| CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-08-01 | N/A |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2024-08-01 | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | ||||
| CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2024-08-01 | N/A |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | ||||
| CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2024-08-01 | N/A |
| IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | ||||
| CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-08-01 | 7.5 High |
| ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | ||||
| CVE-2024-6687 | 1 Thisfunctional | 1 Ctt Expresso Para Woocommerce | 2024-08-01 | 5.3 Medium |
| The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses | ||||