CVE-2024-36568 |
Description: Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-36550 |
Description: idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-36549 |
Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-36548 |
Description: idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-36547 |
Description: idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-36522 |
Description: The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation.
Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-3652 |
Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler triggers an assertion failure, and libreswan crashes and restarts. IKEv2 connections are not affected.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-36497 |
Description: The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-36496 |
Description: The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-36495 |
Description: The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system to which "Everyone" has read and write access. The path to the file is:
C:\ProgramData\WINSelect\WINSelect.wsd
The path for the affected WINSelect Enterprise configuration file is:
C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|