Aggregator

A vulnerability classified as problematic has been found in theeventscalendar The Events Calendar Plugin up to 6.8.2.0 on WordPress. Affected is an unknown function of the component REST API. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-5333. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in CyberPanel. Affected by this issue is some unknown functionality of the file plogical/phpmyadminsignin.php. The manipulation of the argument token/username leads to cross site scripting. This vulnerability is handled as CVE-2024-56112. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FastNetMon Community Edition up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the component Zero-length Templates for Netflow. The manipulation leads to divide by zero. This vulnerability is traded as CVE-2024-56073. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FastNetMon Community Edition up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component sFlow v5 Plugin. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-56072. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in gitingest. This affects an unknown part. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2024-56074. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Syncfusion Essential Studio for ASP.NET MVC up to 27.1.54. This vulnerability affects unknown code of the component Parameter Handler. The manipulation of the argument request leads to path traversal. This vulnerability was named CVE-2024-55970. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Syncfusion Essential Studio for ASP.NET MVC up to 27.1.54. This issue affects some unknown processing of the component docx Document Handler. The manipulation leads to xml external entity reference. The identification of this vulnerability is CVE-2024-55969. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Menlo On-Premise Appliance up to 2.88.0/2.89.0/2.90.0. Affected is an unknown function of the component Web Policy. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2023-29476. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lumos up to 1.0.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ChatBar.tsx of the component markdown-to-jsx. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-56082. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cognition Devin and classified as problematic. Affected by this issue is some unknown functionality of the component VSCode Live Share URL Handler. The manipulation leads to insufficiently random values. This vulnerability is handled as CVE-2024-56083. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Giving Tithe.ly Giving Button Plugin up to 1.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11841. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Logpoint UniversalNormalizer up to 5.6.x. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-56084. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Logpoint up to 7.4.x and classified as critical. This vulnerability affects unknown code of the component Report Template Handler. The manipulation leads to command injection. This vulnerability was named CVE-2024-56086. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Logpoint up to 7.4.x and classified as critical. This issue affects some unknown processing of the component Search Template Dashboard. The manipulation leads to injection. The identification of this vulnerability is CVE-2024-56085. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Logpoint up to 7.4.x. It has been classified as critical. Affected is an unknown function of the component Search Template Dashboard. The manipulation leads to injection. This vulnerability is traded as CVE-2024-56087. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Kernel Callback Tables for Process Injection The Kernel Callback Table in the Process Environment Block (PEB) can be hijacked by attackers to redirect a process’s execution flow, enabling them to execute malicious payloads. This...

The post Kernel Callback Tables for Process Injection: perform process injection and hijack execution flow appeared first on Penetration Testing Tools.

Inveigh Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains the primary C# version as well as the legacy PowerShell version. Overview Inveigh conducts spoofing attacks and hash/credential captures...

The post Inveigh: .NET IPv4/IPv6 machine-in-the-middle tool appeared first on Penetration Testing Tools.

UEFI Firmware Parser The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other...

The post UEFI Firmware Parser: Parse BIOS/Intel ME/UEFI firmware related structures appeared first on Penetration Testing Tools.

聊点你们想聊的，快来填写调研告诉我吧！

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The identification of this vulnerability is CVE-2024-8862. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.