Security Vulnerabilities - CVEs Published In July 2024
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to a stack-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-07-15
Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-07-15
An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-15
Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-15
Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-07-15
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-15
Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-15
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains that this is not a big issue "because the default is that the software runs locally without going through the Internet".
CVSS Score
4.3
EPSS Score
0.828
Published
2024-07-15
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-07-15
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
CVSS Score
5.8
EPSS Score
0.002
Published
2024-07-15