-
CVE-2024-32651
•
published on April 25, 2024
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
-
CVE-2024-32651
•
published on April 25, 2024
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
-
CVE-2024-32651
•
published on April 25, 2024
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
-
CVE-2024-32651
•
published on April 25, 2024
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
-
CVE-2024-0916
•
published on April 25, 2024
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
-
CVE-2024-0916
•
published on April 25, 2024
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
-
CVE-2024-0916
•
published on April 25, 2024
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
-
CVE-2024-0916
•
published on April 25, 2024
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
-
CVE-2024-0916
•
published on April 25, 2024
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
-
CVE-2024-0916
•
published on April 25, 2024
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
-
CVE-2024-3265
•
published on April 25, 2024
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
-
CVE-2024-3265
•
published on April 25, 2024
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
-
CVE-2024-3265
•
published on April 25, 2024
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
-
CVE-2024-3265
•
published on April 25, 2024
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
-
CVE-2024-3265
•
published on April 25, 2024
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
-
CVE-2024-3265
•
published on April 25, 2024
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
-
CVE-2022-36029
•
published on April 25, 2024
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
-
CVE-2022-36029
•
published on April 25, 2024
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
-
CVE-2022-36029
•
published on April 25, 2024
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
-
CVE-2022-36029
•
published on April 25, 2024
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.