Aggregator

Submit #436566 / VDB-283036

A vulnerability, which was classified as critical, has been found in projectworlds Travel Management System 1.0. Affected by this issue is the function deletesubcategory of the file deletesubcategory.php. The manipulation of the argument t2 leads to sql injection. This vulnerability is handled as CVE-2024-51326. The attack may be launched remotely. There is no exploit available.

一起探索安卓逆向的奥秘

剖析真实漏洞案例，融合开源方案实践

A vulnerability classified as problematic was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addcategory.php. The manipulation of the argument t2 leads to cross site scripting. This vulnerability is known as CVE-2024-51328. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in projectworlds Travel Management System 1.0. Affected is an unknown function of the file loginform.php. The manipulation of the argument username/password leads to sql injection. This vulnerability is traded as CVE-2024-51327. It is possible to launch the attack remotely. There is no exploit available.

只能向药店提供有限范围的供货

良好架构是大型APP共同开发的支撑。BlockFramework是西瓜视频团队研发的一套客户端业务开发框架，具备业务分层、组装以及协同的能力，业务方基于此框架能够轻易实现业务解耦，独立开展逻辑迭代，从而提升架构的稳定性。

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The identification of this vulnerability is CVE-2024-10807. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. This vulnerability was named CVE-2024-10806. The attack can be initiated remotely. Furthermore, there is an exploit available.

UK's National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named "Pigmy Goat" created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. [...]

A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10805. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well.

Submit #436551 / VDB-283031

Submit #436547 / VDB-283030

Submit #436548 / VDB-212444

A vulnerability was found in openimaj 1.3.10 and classified as problematic. Affected by this issue is some unknown functionality of the component Dmoz2CSV. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2024-51136. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in hornetq 2.4.9 and classified as problematic. Affected by this vulnerability is the function createTempFile. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-51127. The attack needs to be done within the local network. There is no exploit available.

Submit #436546 / VDB-283029