The Netis MW5360 router suffers from a command injection vulnerability in the password parameter of the login page, caused by improper handling of that parameter in the router's web interface. The login page's authorization check can be bypassed by simply removing the Authorization header from the request, so the injection is reachable without valid credentials. An attacker can place a command, base64-encoded, in the password parameter to trigger the injection; successful exploitation yields unauthorized command execution and can give the attacker control of the router. All firmware versions up to V1.0.1.3442 are affected.
f8530a1d3ff4ead792c8fb4ffb1004e3ddfa57f26304dc3028746bbd99c79dbd
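The two conditions the advisory describes, a base64-encoded password that reaches a shell and a login that is reachable without the Authorization header, as an added example that is not part of the advisory or of the router firmware. The form field names, the header set, the captured request bodies and the auth_check binary are assumptions made for illustration; the block decodes the password the way the advisory describes, flags shell metacharacters, and sets the flawed concatenating pattern beside an argv-based one that never touches a shell.

```python
import base64
import binascii
import re
from typing import Optional
from urllib.parse import parse_qs, quote

# Characters and sequences that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;&|`<>\n]|\$\(")


def decode_password(value: str) -> Optional[str]:
    """Strictly base64-decode the password field; None if it is not valid base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return None


def is_injection_attempt(decoded: str) -> bool:
    """True if the decoded password carries shell metacharacters."""
    return SHELL_META.search(decoded) is not None


def analyse_login(body: str, headers: dict) -> dict:
    """Classify one captured login POST.

    The field name 'password' is an assumption for this example, not taken
    from the firmware. A missing Authorization header is recorded because the
    advisory states that removing it bypasses the login authorization check.
    """
    fields = parse_qs(body, keep_blank_values=True)
    raw = fields.get("password", [""])[0]
    decoded = decode_password(raw)
    return {
        "missing_authorization": "authorization" not in {k.lower() for k in headers},
        "decoded_password": decoded,
        "injection": decoded is not None and is_injection_attempt(decoded),
    }


def vulnerable_command(decoded: str) -> str:
    """Model of the flawed pattern: the decoded password is spliced into a
    shell command string. The binary name is hypothetical; the concatenation
    is the defect, because the string later goes through a shell."""
    return "/usr/sbin/auth_check " + decoded


def hardened_argv(decoded: str) -> list:
    """Safe handling: reject metacharacters as defence in depth and hand the
    credential over as one argv element, to be run without a shell
    (e.g. subprocess.run(argv, shell=False)). Binary name is hypothetical."""
    if is_injection_attempt(decoded):
        raise ValueError("password contains shell metacharacters")
    return ["/usr/sbin/auth_check", "--password", decoded]


# Constructed samples: a benign login and an injection attempt, each with the
# password base64-encoded as the advisory describes, then URL-encoded so that
# '+' and '=' survive form parsing.
BENIGN_BODY = "username=admin&password=" + quote(base64.b64encode(b"Passw0rd!").decode())
INJECT_BODY = "username=admin&password=" + quote(base64.b64encode(b"x; cat /etc/passwd").decode())


def run_samples() -> dict:
    """Run both constructed requests through the classifier."""
    return {
        # constructed header: Basic auth for admin:admin
        "benign": analyse_login(BENIGN_BODY, {"Authorization": "Basic YWRtaW46YWRtaW4="}),
        # attack request with the Authorization header stripped
        "attack": analyse_login(INJECT_BODY, {}),
    }


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
    print("flawed :", vulnerable_command("x; cat /etc/passwd"))
    print("argv   :", hardened_argv("Passw0rd!"))
```

The regex is a detection aid, not the fix: the fix is `hardened_argv`, which never hands the credential to a shell, so metacharacters lose their meaning even if the filter misses one.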
Edu-Sharing suffers from an arbitrary file upload vulnerability. Versions below 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 are affected.
c90a369f9e92e190de24d8035bc4ae4e56c58d29c471e9653ffa0e568fcee57e
Gentoo Linux Security Advisory 202406-5 - Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution. Versions below 3.08 are affected; 3.08 and later are fixed.
f08b8c35b2a71526cee24ca781a21367d0ebef71f13e4f0c31d6ddb404031571
Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions below 1.9.3-r1 are affected; 1.9.3-r1 and later are fixed.
5a00e99e4ec518f24201acea96a1dcb4d6db6416194728731ef2a786a76bf4ef
Flatboard version 3.2 suffers from a persistent cross site scripting vulnerability.
219357d7f08636e31a5e04cf4c5eacdc2e724a224d82b37b34b7040e003fe8d5
Gentoo Linux Security Advisory 202406-3 - A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code. Versions below 6.6.3.1 are affected; 6.6.3.1 and later are fixed.
18693c2f431f2f97001cda25531c548b88f23d78ab069590b1438c6536b464cf
Carbon Forum version 5.9.0 suffers from access control, cross site request forgery, file upload, outdated library, and remote SQL injection vulnerabilities.
cba504421b68519aaed702319b854c39235fc60743041d75670a496471266424
jSQL Injection is a lightweight application used to find database information from a remote server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions such as Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
ceb6ca2287f504c38f9587d2e3b3d4bd933bb43cf78256f23d26c9dcd6761a89
Gentoo Linux Security Advisory 202406-2 - A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape. Versions below 1.14.6 are affected; 1.14.6 and later are fixed.
20c3c2efefe645abf80b458098c6f027b1f50f0c373d76fad628647b587e7eb6
Gentoo Linux Security Advisory 202406-1 - A vulnerability has been discovered in GLib, which can lead to privilege escalation. Versions below 2.78.6 are affected; 2.78.6 and later are fixed.
558122bd0f3748b5d44a9c476c9a38d5b7db1d46a92020e51696f0cd6d71925d
Student Attendance Management System version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.
24a3ddbd3a66ebcf49ec8f23556b3c7c395f230971ab16fde259a7afee0a40a3
Red Hat Security Advisory 2024-4058-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and path traversal vulnerabilities.
c9dda84899f811fb7b2a629ce33c86955d06069085858d3282fd1098c357dd0d
Red Hat Security Advisory 2024-4057-03 - Release of OpenShift Serverless Logic 1.33.0. Issues addressed include cross site scripting and denial of service vulnerabilities.
68314117cd947ce031325efcf1691e33cd733d49701f9712ea20e953079252a1
Red Hat Security Advisory 2024-4054-03 - An update for python-gunicorn is now available for Red Hat OpenStack Platform 16.2. Issues addressed include an HTTP request smuggling vulnerability.
006d45abb3ce55a9d1c68e005d600d4cd88219e32a395eb6e15c678a65b0ecee
Red Hat Security Advisory 2024-4053-03 - An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2. Issues addressed include an information leakage vulnerability.
7bddb16234e4480f1da029a7e880892df709f692fee0a83d970d1226429a75d3
Red Hat Security Advisory 2024-4052-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
bef8716840f726ad4db8013259680a9bc10b7bf67a3eed93e2ee19822ba27ece
Red Hat Security Advisory 2024-4051-03 - An update for pki-core is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.
8b591a46545d2fc346df180b5df166dcd267d6d13cffe63c0f7ba458e7eff4f4
Red Hat Security Advisory 2024-4050-03 - An update for libreswan is now available for Red Hat Enterprise Linux 9.
d7e10b571a3afc229ee4866450c9bd92350de446e2e18b80fb1171c31dbe25e1
Paradox IP150 Internet Module version 1.40.00 suffers from a cross site request forgery vulnerability.
9e102cbe93f6192c8caedc9ff1e998a3150ce7386317dc22ddbf5e4b3f736fbf