CVE List - 2024 / August
Showing 801 - 900 of 2898 CVEs for August 2024 (Page 9 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7657 | 2024-08-11 | Gila CMS HTTP POST Request page cross site scripting |
| CVE-2024-7658 | 2024-08-11 | projectsend process.php get_preview resource injection |
| CVE-2024-7659 | 2024-08-11 | projectsend Password Reset Token functions.php generate_random_string random values |
| CVE-2024-6640 | 2024-08-11 | pf incorrectly matches different ICMPv6 states in the state table |
| CVE-2024-6760 | 2024-08-11 | ktrace(2) fails to detach when executing a setuid binary |
| CVE-2024-6759 | 2024-08-11 | NFS client accepts file names containing path separators |
| CVE-2024-7660 | 2024-08-11 | SourceCodester File Manager App Add File cross site scripting |
| CVE-2024-7589 | 2024-08-11 | OpenSSH pre-authentication async signal safety issue |
| CVE-2024-7661 | 2024-08-11 | SourceCodester Car Driving School Management System index.php save_users cross-site request forgery |
| CVE-2024-7662 | 2024-08-11 | SourceCodester Car Driving School Management System manag_package.php save_package cross-site request forgery |
| CVE-2024-7663 | 2024-08-11 | SourceCodester Car Driving School Management System manage_user.php sql injection |
| CVE-2024-7664 | 2024-08-11 | SourceCodester Car Driving School Management System view_details.php sql injection |
| CVE-2024-7665 | 2024-08-11 | SourceCodester Car Driving School Management System manage_package.php sql injection |
| CVE-2024-7666 | 2024-08-11 | SourceCodester Car Driving School Management System view_package.php sql injection |
| CVE-2024-7667 | 2024-08-11 | SourceCodester Car Driving School Management System User.php delete_users sql injection |
| CVE-2024-7668 | 2024-08-11 | SourceCodester Car Driving School Management System Master.php delete_package sql injection |
| CVE-2024-7669 | 2024-08-11 | SourceCodester Car Driving School Management System Master.php delete_enrollment sql injection |
| CVE-2024-7676 | 2024-08-11 | SourceCodester Car Driving School Management System Master.php save_package sql injection |
| CVE-2024-7677 | 2024-08-11 | SourceCodester Car Driving School Management System SystemSettings.php update_settings_info cross site scripting |
| CVE-2024-7678 | 2024-08-11 | SourceCodester Car Driving School Management System Master.php cross site scripting |
| CVE-2024-7680 | 2024-08-11 | itsourcecode Tailoring Management System incedit.php sql injection |
| CVE-2024-7681 | 2024-08-11 | code-projects College Management System Login Page login.php sql injection |
| CVE-2023-48171 | 2024-08-12 | An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. |
| CVE-2024-27442 | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges... |
| CVE-2024-39091 | 2024-08-12 | An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML... |
| CVE-2024-41475 | 2024-08-12 | Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. |
| CVE-2024-41651 | 2024-08-12 | An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that... |
| CVE-2024-42520 | 2024-08-12 | TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. |
| CVE-2024-42543 | 2024-08-12 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. |
| CVE-2024-42545 | 2024-08-12 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. |
| CVE-2024-42546 | 2024-08-12 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. |
| CVE-2024-42547 | 2024-08-12 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. |
| CVE-2024-42623 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1 |
| CVE-2024-42624 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10. |
| CVE-2024-42625 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add |
| CVE-2024-42626 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. |
| CVE-2024-42627 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. |
| CVE-2024-42628 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. |
| CVE-2024-42629 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. |
| CVE-2024-42630 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. |
| CVE-2024-42631 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. |
| CVE-2024-42632 | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. |
| CVE-2024-42741 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-42742 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-42743 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-42744 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-42745 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-42747 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-42748 | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands. |
| CVE-2024-27443 | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of... |
| CVE-2024-33533 | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface.... |
| CVE-2024-33535 | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages... |
| CVE-2024-33536 | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and... |
| CVE-2024-36877 | 2024-08-12 | Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain... |
| CVE-2024-40500 | 2024-08-12 | Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. |
| CVE-2024-41710 | 2024-08-12 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege... |
| CVE-2024-7682 | 2024-08-12 | code-projects Job Portal rw_i_nat.php sql injection |
| CVE-2024-7683 | 2024-08-12 | SourceCodester Kortex Lite Advocate Office Management System addcase_stage.php cross site scripting |
| CVE-2024-7684 | 2024-08-12 | SourceCodester Kortex Lite Advocate Office Management System add_act.php cross site scripting |
| CVE-2024-7685 | 2024-08-12 | SourceCodester Kortex Lite Advocate Office Management System adds.php cross site scripting |
| CVE-2024-7686 | 2024-08-12 | SourceCodester Kortex Lite Advocate Office Management System register_case.php cross site scripting |
| CVE-2024-7693 | 2024-08-12 | Team Johnlong software Raiden MAILD Remote Management System - Arbitrary File Reading through Path Traversal |
| CVE-2024-7694 | 2024-08-12 | TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload |
| CVE-2024-5527 | 2024-08-12 | SQL Injection |
| CVE-2024-5651 | 2024-08-12 | Fence-agents-remediation: fence agent command line options leads to remote code execution |
| CVE-2024-5487 | 2024-08-12 | SQL Injection |
| CVE-2024-36518 | 2024-08-12 | SQL Injection |
| CVE-2024-36035 | 2024-08-12 | SQL Injection |
| CVE-2024-36034 | 2024-08-12 | SQL Injection |
| CVE-2024-7697 | 2024-08-12 | Logical vulnerability in com.transsion.carlcare |
| CVE-2024-6758 | 2024-08-12 | Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E |
| CVE-2024-42163 | 2024-08-12 | Password Manipulation |
| CVE-2024-42164 | 2024-08-12 | Disabling MFA without Authentication |
| CVE-2024-42165 | 2024-08-12 | Arbitrary User Activation |
| CVE-2024-42166 | 2024-08-12 | Command Injection in Applicationname |
| CVE-2024-42167 | 2024-08-12 | Command Injection in Organisationname |
| CVE-2024-6684 | 2024-08-12 | Authentication Bypass in GST Electronics' inohom Nova Panel N7 |
| CVE-2024-6639 | 2024-08-12 | MDx <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdx_list_item Shortcode |
| CVE-2024-42258 | 2024-08-12 | mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines |
| CVE-2024-38530 | 2024-08-12 | Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php" |
| CVE-2024-6917 | 2024-08-12 | RCE in Veribilim Software's Veribase Order Management |
| CVE-2024-21550 | 2024-08-12 | SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers... |
| CVE-2024-42477 | 2024-08-12 | llama.cpp global-buffer-overflow in ggml_type_size |
| CVE-2024-42478 | 2024-08-12 | llama.cpp allows Arbitrary Address Read in rpc_server::get_tensor |
| CVE-2024-42479 | 2024-08-12 | llama.cpp allows write-what-where in rpc_server::set_tensor |
| CVE-2024-42480 | 2024-08-12 | Kamaji's RBAC Roles for `etcd` are not disjunct |
| CVE-2024-42481 | 2024-08-12 | Complete crash of host system due to calculateDirectorySize in skyportd |
| CVE-2024-42482 | 2024-08-12 | fish-shop/syntax-check Improper Neutralization of Delimiters |
| CVE-2024-42485 | 2024-08-12 | Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint |
| CVE-2024-42489 | 2024-08-12 | Pro Macros Remote Code Execution via Viewpdf and similar macros |
| CVE-2023-7249 | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal. This issue affects OpenText Directory Services: from 16.4.2 before 24.1. |
| CVE-2024-41909 | 2024-08-12 | Apache MINA SSHD: integrity check bypass |
| CVE-2024-7700 | 2024-08-12 | Foreman: command injection in "host init config" template via "install packages" field on foreman |
| CVE-2024-42474 | 2024-08-12 | Streamlit Path Traversal Security Vulnerability on Windows |
| CVE-2024-6768 | 2024-08-12 | Denial of Service in CLFS.sys |
| CVE-2024-40892 | 2024-08-12 | Firewalla BTLE Weak Credentials |
| CVE-2024-40893 | 2024-08-12 | Firewalla BTLE Authenticated Command Injection |
| CVE-2023-41884 | 2024-08-12 | ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php |
| CVE-2024-7704 | 2024-08-12 | Weaver e-cology Source Code ecology_dev.zip information disclosure |
| CVE-2024-43358 | 2024-08-12 | XSS vulnerability in filter view |