5.3
CVE-2024-35175 - sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address
sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as tβ¦
9.8
CVE-2024-31466 - Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities resβ¦
8.8
CVE-2023-33327 - WordPress Leyka plugin <= 3.30.2 - Privilege Escalation vulnerability
Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.
5.4
CVE-2024-4562 - WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettinβ¦
In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.Β Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Rβ¦
4.2
CVE-2024-4561 - WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController
In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
8.1
CVE-2020-26312 - GHSL-2020-254: Arbitrary file read and/or write in dotmesh
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.Β β¦
7.2
CVE-2022-28132 -
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication β¦
7.8
CVE-2024-31556 -
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.
7.2
CVE-2021-22280 - DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.
7.5
CVE-2024-3676 -
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.Β These accountsβ¦