ZM Ajax Login & Register Security Vulnerabilities
Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...
8.6AI Score
Improper line feed handling in zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
6.6AI Score
0.0004EPSS
Improper line feed handling in zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
6.8AI Score
0.0004EPSS
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
0.0004EPSS
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
6.8AI Score
0.0004EPSS
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
4.5AI Score
0.0004EPSS
CVE-2024-4460 DoS Vulnerability in zenml-io/zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
0.0004EPSS
CVE-2024-4460 DoS Vulnerability in zenml-io/zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
6.5AI Score
0.0004EPSS
7.5AI Score
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.7AI Score
0.0005EPSS
9.8CVSS
7.1AI Score
0.005EPSS
7.3AI Score
0.0004EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
0.0005EPSS
9.8CVSS
7.5AI Score
0.001EPSS
7.4AI Score
7.4AI Score
Netis MW5360 Remote Command Execution Exploit
The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...
9.8CVSS
7.8AI Score
0.005EPSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
8.4AI Score
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...
7.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...
7.3CVSS
0.0004EPSS
CVE-2024-6268 lahirudanushka School Management System Login Page login.php sql injection
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...
7.3CVSS
0.0004EPSS
CVE-2024-6268 lahirudanushka School Management System Login Page login.php sql injection
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...
7.3CVSS
7.3AI Score
0.0004EPSS
Exploit for Race Condition in Solarwinds Solarwinds Platform
CVE-2024-28999 Exploit for CVE-2024-28999 SolarWinds Platform...
8.1CVSS
7.1AI Score
0.017EPSS
XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments. Here's what to do for each environment: Run...
7.5AI Score
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
6.3AI Score
0.0005EPSS
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
5AI Score
0.0005EPSS
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
5AI Score
0.0005EPSS
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
6.3AI Score
0.0005EPSS
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
6.1CVSS
6AI Score
0.0005EPSS
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
6.1CVSS
6.1AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
6.1CVSS
4.5AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
6.1CVSS
6AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
6.1CVSS
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
6.3AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
6.3AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
4.7AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
4.7AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.2CVSS
6.3AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.2CVSS
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
4.2CVSS
6AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
4.2CVSS
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.2CVSS
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...
9.8CVSS
8.9AI Score
0.967EPSS
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....
9.8CVSS
7.8AI Score
0.001EPSS