JAL Information Technology Co., Ltd. Security Vulnerabilities

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN...

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to...

Premium Addons for Elementor < 4.10.32 - Missing Authorization to Information Disclosure

Description The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with...

CVE-2024-0488

A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack...

CVE-2024-0478

A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

CVE-2024-0477

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated...

CVE-2024-0468

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can.....

CVE-2023-3680

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is...

CVE-2023-3018

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has....

CVE-2023-2667

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched...

Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard...

CVE-2024-0484

A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be...

CVE-2024-0485

A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely......

CVE-2023-3176

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely....

CVE-2023-2699

A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads.....

CVE-2023-2698

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql...

co-vier.nl Improper Access Control vulnerability OBB-3863290

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Intel Management Engine Active Management Technology (AMT) Remote Access Enabled

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and is remotely...

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have....

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Check-Point-Remote-Access-VPN...

Exploit for Use After Free in Qemu

CVE-2021-3929-3947 VM escape PoC for...

CVE-2024-32051

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive...

Kubernetes Sensitive Information leak via Log File

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects &lt; v1.19.3, &lt; v1.18.10, &lt;...

Geutebruck - Remote Command Injection

Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected...

CVE-2023-3850

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the...

CVE-2023-3679

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id...

CVE-2023-2672

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the....

CVE-2023-2670

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The...

CVE-2023-2652

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been.....

Boelter Blue System Management 1.3 SQL Injection

...

Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)

Summary Vulnerability in Python could allow a remote attacker to obtain sensitive information (CVE-2024-28757). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain...

CVE-2024-0487

A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched...

CVE-2023-5018

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is...

CVE-2023-3177

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely......

CVE-2023-2671

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message...

CVE-2023-2669

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection....

Sensitive Information Disclosure

nebari is vulnerable to Privilege Escalation. This vulnerability due to printing the temporary Keycloak root password to console during project initialization, which results in sensitive information...

FengOffice 3.11.1.2 SQL Injection

...

Kubernetes Sensitive Information leak via Log File

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects &lt; v1.19.3, &lt; v1.18.10, &lt;...

Security Bulletin: IBM Jazz Reporting Service is vulnerable to Information Disclosure (CVE-2024-25052)

Summary If Jazz Authentication Service is enabled, IBM Jazz Reporting System shows the JSA Client Secret in plain text. Vulnerability Details ** CVEID: CVE-2024-25052 DESCRIPTION: **IBM Jazz Reporting Service stores user credentials in plain clear text which can be read by an Admin user. CVSS...

Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs

Description The Debug Log – Manger Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in...

WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting

WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Exploit CVE Identifier: CVE-2024-24919...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-POC Read about it -...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Exploit for CVE-2024-24919 Description This Python...

Release Information for Veeam Service Provider Console 7 Cumulative Patches

Release Information for Veeam Service Provider Console 7 Cumulative...

CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...

Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico

Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...