CVE-2024-38208

CVE-2024-38208

Título es
CVE-2024-38208

Jue, 22/08/2024 – 23:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-38208

Descripción en
Microsoft Edge for Android Spoofing Vulnerability

23/08/2024
23/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38208

    • Enviar en el boletín
    Off

    CVE-2024-8087

    CVE-2024-8087

    Título es
    CVE-2024-8087

    Jue, 22/08/2024 – 23:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8087

    Descripción en
    A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/0xffaaa/cve/blob/main/ecommerce-Unauthorized%20sql%20union%20injection.md

  • https://vuldb.com/?ctiid_275567=

  • https://vuldb.com/?id_275567=

  • https://vuldb.com/?submit_396321=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2024-8086

    CVE-2024-8086

    Título es
    CVE-2024-8086

    Jue, 22/08/2024 – 23:15

    Tipo
    CWE-89

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-8086

    Descripción en
    A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/0xffaaa/cve/blob/main/ecommerce-Universal%20password%20bypasses%20login%20verification.md

  • https://vuldb.com/?ctiid_275566=

  • https://vuldb.com/?id_275566=

  • https://vuldb.com/?submit_396320=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2024-8089

    CVE-2024-8089

    Título es
    CVE-2024-8089

    Vie, 23/08/2024 – 00:15

    Tipo
    CWE-434

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8089

    Descripción en
    A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    23/08/2024
    23/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/0xffaaa/cve/blob/main/ecommerce-Unauthorized%20arbitrary%20file%20upload%20vulnerability.md

  • https://vuldb.com/?ctiid_275568=

  • https://vuldb.com/?id_275568=

  • https://vuldb.com/?submit_396324=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2024-8079

    CVE-2024-8079

    Título es
    CVE-2024-8079

    Jue, 22/08/2024 – 21:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-8079

    Descripción en
    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md

  • https://vuldb.com/?ctiid_275561=

  • https://vuldb.com/?id_275561=

  • https://vuldb.com/?submit_390937=

  • https://www.totolink.net/

    • Enviar en el boletín
    Off

    CVE-2024-8078

    CVE-2024-8078

    Título es
    CVE-2024-8078

    Jue, 22/08/2024 – 21:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-8078

    Descripción en
    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md

  • https://vuldb.com/?ctiid_275560=

  • https://vuldb.com/?id_275560=

  • https://www.totolink.net/

    • Enviar en el boletín
    Off

    CVE-2024-42763

    CVE-2024-42763

    Título es
    CVE-2024-42763

    Jue, 22/08/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42763

    Descripción en
    A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter.

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Reflected%20XSS%20-%20Book%20Ticket.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-42762

    CVE-2024-42762

    Título es
    CVE-2024-42762

    Jue, 22/08/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42762

    Descripción en
    A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields.

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Customer%20Booking%20List.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-42761

    CVE-2024-42761

    Título es
    CVE-2024-42761

    Jue, 22/08/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42761

    Descripción en
    A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter.

    22/08/2024
    22/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Bus%20Schedule%20List.pdf

  • https://www.kashipara.com/

    • Enviar en el boletín
    Off

    CVE-2024-8080

    CVE-2024-8080

    Título es
    CVE-2024-8080

    Jue, 22/08/2024 – 21:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8080

    Descripción en
    A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument f_name with the input 1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# as part of string leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    22/08/2024
    22/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/shang159/sqli-vul/blob/main/sql2.md

  • https://vuldb.com/?ctiid_275562=

  • https://vuldb.com/?id_275562=

  • https://vuldb.com/?submit_395465=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off