5.4

CVSS3.1

CVE-2024-38039 - BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS.

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).

📅 Published: Oct. 4, 2024, 5:13 p.m. 🔄 Last Modified: Oct. 15, 2024, 2:34 p.m.

6.1

CVSS3.1

CVE-2024-8148 - BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1, and 10.8.1)

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

📅 Published: Oct. 4, 2024, 5:11 p.m. 🔄 Last Modified: April 10, 2025, 7:16 p.m.

6.1

CVSS3.1

CVE-2024-38037 - BUG-000167983 - Unvalidated redirect in Portal for ArcGIS

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

📅 Published: Oct. 4, 2024, 5:10 p.m. 🔄 Last Modified: April 10, 2025, 7:16 p.m.

8.1

CVSS3.1

CVE-2024-47183 - Parse Server's custom object ID allows to acquire role privileges

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acqu…

📅 Published: Oct. 4, 2024, 3:06 p.m. 🔄 Last Modified: Feb. 25, 2026, 5:47 p.m.

7.5

CVSS3.1

CVE-2024-47769 - IDURAR has a Path Traversal (unauthenticated user can read sensitive data)

IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement with…

📅 Published: Oct. 4, 2024, 2:45 p.m. 🔄 Last Modified: Nov. 13, 2024, 3:12 p.m.

6.9

CVSS4.0

CVE-2024-47768 - Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker …

📅 Published: Oct. 4, 2024, 2:33 p.m. 🔄 Last Modified: Nov. 13, 2024, 2:55 p.m.

6.9

CVSS4.0

CVE-2024-47765 - Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdIt…

📅 Published: Oct. 4, 2024, 2:20 p.m. 🔄 Last Modified: Nov. 13, 2024, 2:48 p.m.

8.7

CVSS4.0

CVE-2024-9515 - D-Link DIR-605L formSetQoS buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been…

📅 Published: Oct. 4, 2024, 2 p.m. 🔄 Last Modified: Oct. 9, 2024, 11:19 a.m.

8.7

CVSS4.0

CVE-2024-9514 - D-Link DIR-605L formSetDomainFilter buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. …

📅 Published: Oct. 4, 2024, 1:31 p.m. 🔄 Last Modified: Oct. 9, 2024, 11:19 a.m.

5.3

CVSS3.1

CVE-2024-9410 - Ada.cx SSRF via Sentry Misconfiguration

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.

📅 Published: Oct. 4, 2024, 1:23 p.m. 🔄 Last Modified: Nov. 22, 2024, 7:57 p.m.