securenvoy-cve-2024-37393 RESPONSIBLE DISCLOSURE...
7.5CVSS
7.7AI Score
0.013EPSS
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...
7.5CVSS
6.7AI Score
0.004EPSS
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...
7.5CVSS
7.7AI Score
0.013EPSS
Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
6.9AI Score
0.0004EPSS
Justice AV Solutions JVS Viewer Installed (Windows)
Justice AV Solutions JVS Viewer is installed on the remote Windows...
7.4AI Score
Automated Solutions Modbus/TCP OPC Server Detection
Automated Solutions' Modbus/TCP OPC Server is installed on the remote Windows...
2.3AI Score
SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL...
8.7AI Score
0.005EPSS
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in...
6.8AI Score
0.003EPSS
solutions-ressources-humaines.com Cross Site Scripting vulnerability OBB-3872295
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Justice AV Solutions JVS Viewer Embedded Malicious Code (CVE-2024-4978)
The version of Justice AV Solutions JVS Viewer installed on the remote host is 8.3.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4978 advisory. Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an...
8.4CVSS
7.2AI Score
0.028EPSS
The remote host contains the Automated Solutions Modbus TCP Slave ActiveX control, which allows a PC to emulate a Modbus Serial and / or TCP slave device. The version of this control installed on the remote host reportedly contains a buffer overflow issue with the Modbus/TCP Diagnostic function...
3.2AI Score
Exploit for Deserialization of Untrusted Data in Clear Clearml
NOTE: this cve was not found by me, i'm simply reuploading a...
8.8CVSS
6.8AI Score
0.001EPSS
Grandstream Networking Solutions Device Web Detection
The web interface for a Grandstream Networking Solutions device, such as a router or wireless access point, was detected on the remote...
2.2AI Score
CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell...
8.4CVSS
7AI Score
0.028EPSS
CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell...
8.4CVSS
8.4AI Score
0.028EPSS
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...
5.4CVSS
6.2AI Score
0.001EPSS
Logs storing credentials are insufficiently protected and can be decoded through the use of open source...
7AI Score
0.0004EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
Logs storing credentials are insufficiently protected and can be decoded through the use of open source...
0.0004EPSS
7.5CVSS
7.9AI Score
0.005EPSS
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: ...
8.8CVSS
8.5AI Score
0.0005EPSS
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...
5.3CVSS
5.4AI Score
0.001EPSS
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the...
0.0004EPSS
Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration
By Cyber Newswire AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal… This is a post from HackRead.com Read the original post: Criminal IP: Enhancing Security Solutions through AWS Marketplace...
7.3AI Score
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the...
6.6AI Score
0.0004EPSS
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...
5.3CVSS
7.1AI Score
0.001EPSS
A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the...
2.4CVSS
3.7AI Score
0.0004EPSS
7AI Score
0.0004EPSS
7.5CVSS
6.7AI Score
0.013EPSS
7.5CVSS
7.1AI Score
EPSS
Sensitive customer information is stored in the device without...
6.7AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
8.8AI Score
0.001EPSS
Sensitive customer information is stored in the device without...
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
6.8AI Score
0.001EPSS
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...
7.2AI Score
0.0004EPSS
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...
0.0004EPSS
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate...
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
CVE-2024-24590 Deserialization of untrusted data can occur in...
8.8CVSS
7.2AI Score
0.001EPSS
Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before...
9.8CVSS
9.8AI Score
0.975EPSS
6.8CVSS
7.1AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt6-qtlocation-6.7.1-1.fc40
The Qt Location API helps you create viable mapping solutions using the data available from some of the popular location...
6.3AI Score
0.0004EPSS
azure-file-csi-driver leaks service account tokens in the logs
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when....
6.5CVSS
6.3AI Score
0.0004EPSS
Joomla! Component MS Comment 0.8.0b - Local File Inclusion
A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...
6.6AI Score
0.035EPSS
azure-file-csi-driver leaks service account tokens in the logs
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when....
6.5CVSS
6.3AI Score
0.0004EPSS
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for...
6.5CVSS
5.7AI Score
0.001EPSS
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password...
7.5AI Score
0.0004EPSS
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...
0.0004EPSS
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password...
0.0004EPSS