Security Vulnerabilities - CVEs Published In August 2024
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.019
Published
2024-08-22
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-22
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-08-22
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-22
CVE-2024-39717
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
Known exploited
CVSS Score
6.6
EPSS Score
0.071
Published
2024-08-22
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-08-22
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
CVSS Score
4.9
EPSS Score
0.003
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-22