Autore: Angelo Barbosa

A vulnerability has been found in Clavister E10 and E80 up to 20240323 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. This vulnerability was named CVE-2024-3141. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-3140. It is possible to initiate the attack remotely. Furthermore, there is an exploit...

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. This vulnerability is handled as CVE-2024-3139. The attack may be launched remotely. Furthermore, there is an exploit...

A vulnerability classified as problematic was found in EnvíaloSimple Plugin up to 2.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-2125. The attack can be launched remotely. There is no exploit...

A vulnerability classified as problematic has been found in IceWhaleTech CasaOS-UserService 0.4.7. Affected is an unknown function of the component Login Page. The manipulation leads to observable response discrepancy. This vulnerability is traded as CVE-2024-28232. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected...