CVE-2024-8035

CVE-2024-8035

Título es
CVE-2024-8035

Mié, 21/08/2024 – 21:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-8035

Descripción en
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

21/08/2024
21/08/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

  • https://issues.chromium.org/issues/40059470

    • Enviar en el boletín
    Off

    CVE-2024-42785

    CVE-2024-42785

    Título es
    CVE-2024-42785

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42785

    Descripción en
    A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Playlist.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42784

    CVE-2024-42784

    Título es
    CVE-2024-42784

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42784

    Descripción en
    A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Music%20List.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42783

    CVE-2024-42783

    Título es
    CVE-2024-42783

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42783

    Descripción en
    Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20Manage%20Playlist.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42782

    CVE-2024-42782

    Título es
    CVE-2024-42782

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42782

    Descripción en
    A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20Find%20Music.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42781

    CVE-2024-42781

    Título es
    CVE-2024-42781

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42781

    Descripción en
    A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20Login.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42780

    CVE-2024-42780

    Título es
    CVE-2024-42780

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42780

    Descripción en
    An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Genre.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42779

    CVE-2024-42779

    Título es
    CVE-2024-42779

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42779

    Descripción en
    An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Music%20List.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-42778

    CVE-2024-42778

    Título es
    CVE-2024-42778

    Mié, 21/08/2024 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42778

    Descripción en
    An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Playlist.pdf

  • https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code

    • Enviar en el boletín
    Off

    CVE-2024-41572

    CVE-2024-41572

    Título es
    CVE-2024-41572

    Mié, 21/08/2024 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41572

    Descripción en
    Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization.

    21/08/2024
    21/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://drive.google.com/drive/folders/12NAfZ2VrMvJug1JVSzfz9PwCuttnlwzP

  • https://medium.com/%40ChadSecurity/cve-2024-41572-68397fae354b

    • Enviar en el boletín
    Off