6.9

CVSS4.0

CVE-2024-11257 - 1000 Projects Beauty Parlour Management System forgot-password.php sql injection

A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploi…

📅 Published: Nov. 15, 2024, 7:31 p.m. 🔄 Last Modified: Nov. 19, 2024, 9:24 p.m.

6.9

CVSS4.0

CVE-2024-11256 - 1000 Projects Portfolio Management System MCA login.php sql injection

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been …

📅 Published: Nov. 15, 2024, 7:31 p.m. 🔄 Last Modified: Nov. 19, 2024, 9:49 p.m.

9.2

CVSS4.0

CVE-2024-10934 - OpenBSD NFS double-free vulnerability

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

📅 Published: Nov. 15, 2024, 7:20 p.m. 🔄 Last Modified: Oct. 2, 2025, 3:15 p.m.

6.5

CVSS3.1

CVE-2024-45608 - GLPI has an Authenticated SQL Injection

GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17.

📅 Published: Nov. 15, 2024, 6:24 p.m. 🔄 Last Modified: Nov. 20, 2024, 3:20 p.m.

6.5

CVSS3.1

CVE-2024-43418 - GLPI has multiple reflected XSS

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.

📅 Published: Nov. 15, 2024, 6:23 p.m. 🔄 Last Modified: Nov. 20, 2024, 3:20 p.m.

6.5

CVSS3.1

CVE-2024-43417 - Reflected XSS in Software form

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.

📅 Published: Nov. 15, 2024, 6:22 p.m. 🔄 Last Modified: Nov. 20, 2024, 3:21 p.m.

6.5

CVSS3.1

CVE-2024-41679 - Authenticated SQL injection in ticket form

GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.

📅 Published: Nov. 15, 2024, 6:20 p.m. 🔄 Last Modified: Nov. 20, 2024, 3:21 p.m.

6.5

CVSS3.1

CVE-2024-41678 - GLPI has multiple reflected XSS

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.

📅 Published: Nov. 15, 2024, 6:08 p.m. 🔄 Last Modified: Nov. 20, 2024, 3:21 p.m.

8.1

CVSS3.1

CVE-2024-40638 - GLPI allows account takeover via SQL Injection in AJAX scripts

GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.

📅 Published: Nov. 15, 2024, 6:06 p.m. 🔄 Last Modified: Nov. 20, 2024, 3:30 p.m.

5.3

CVSS4.0

CVE-2024-11251 - erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection

A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiate…

📅 Published: Nov. 15, 2024, 6 p.m. 🔄 Last Modified: Sept. 11, 2025, 9:03 p.m.
Total results: 343968