Attacker Value
Unknown
CVE-2024-43692
Disclosure Date: September 25, 2024 (last updated October 02, 2024)
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
Attacker Value
Unknown
CVE-2024-43423
Disclosure Date: September 25, 2024 (last updated October 02, 2024)
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
Attacker Value
Unknown
CVE-2024-42797
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete valid music playlist entries.
Attacker Value
Unknown
CVE-2024-42507
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Attacker Value
Unknown
CVE-2024-42506
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Attacker Value
Unknown
CVE-2024-42505
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Attacker Value
Unknown
CVE-2024-41725
Disclosure Date: September 25, 2024 (last updated October 01, 2024)
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages, which may allow cross-site scripting.
Attacker Value
Unknown
CVE-2024-39928
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
In Apache Linkis <= 1.5.0, Spark EngineConn has a random string security vulnerability: the random string generated for the token when starting Py4j uses Commons Lang's RandomStringUtils.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
Attacker Value
Unknown
CVE-2024-38324
Disclosure Date: September 25, 2024 (last updated October 01, 2024)
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate the server name during registration and unregistration operations, which could expose sensitive information to an attacker with access to the system.
Attacker Value
Unknown
CVE-2024-21545
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API.
When handling the result from a request handler before returning it to the user, the handle_api2_request function checks for the 'download' or 'data'->'download' objects inside the request handler call response object. If present, handle_api2_request reads a local file defined by this object and returns it to the user.
Two endpoints were identified which can control the object returned by a request handler sufficiently that the 'download' object is defined and user controlled. This results in arbitrary file read.
The privileges of this file read can result in full compromise of the system, for example by disclosing sensitive files that allow privileged session forgery.