7.2
CVE-2024-4869 - WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Script…
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke…
4.3
CVE-2024-29953 - Encoded session passwords on session storage for Virtual Fabric platforms
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' encoded session passwords.
9.3
CVE-2024-6060 -
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.
5.4
CVE-2024-30112 - HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials an…
5.3
CVE-2024-5019 - WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges.
5.3
CVE-2024-5018 - WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows reading of any file from the application's web-root directory.
6.5
CVE-2024-5017 - WhatsUp Gold AppProfileImport path traversal vulnerability
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead to information disclosure.
7.2
CVE-2024-5016 - WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage fo…
7.1
CVE-2024-5015 - WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin.
7.1
CVE-2024-5014 - WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.