CVE List 2024/13xxx
CVEs in group: 13xxx
CVE-2024-13042 (N/A)
CVE-2024-13043 (Tsinghua Unigroup Electronic Archives Management System download.html download information disclosure)
CVE-2024-13044 (Panda Security Dome Link Following Local Privilege Escalation Vulnerability)
CVE-2024-13045 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability)
CVE-2024-13046 (Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability)
CVE-2024-13047 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability)
CVE-2024-13048 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability)
CVE-2024-13049 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability)
CVE-2024-13050 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability)
CVE-2024-13051 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability)
CVE-2024-13052 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability)
CVE-2024-13054 (Dental Optimizer Patient Generator App <= 1.0 - Reflected XSS)
CVE-2024-13055 (Allocation of Resources Without Limits or Throttling in GitLab)
CVE-2024-13056 (Dyn Business Panel <= 1.0.0 - Reflected XSS)
CVE-2024-13057 (Dyn Business Panel <= 1.0.0 - Reflected XSS)
CVE-2024-13058 (Dyn Business Panel <= 1.0.0 - Stored XSS via CSRF)
CVE-2024-13059 (Authenticated, non-admin users can create storage pools via the sifi API)
CVE-2024-13060 (Path Traversal in mintplex-labs/anything-llm)
CVE-2024-13061 (Improper Authorization in mintplex-labs/anything-llm)
CVE-2024-13062 (2100 Technology Electronic Official Document Management System – Authentication Bypass)
CVE-2024-13067 (N/A)
CVE-2024-13069 (CodeAstro Online Food Ordering System All Users Page all_users.php access control)
CVE-2024-13070 (SourceCodester Multi Role Login System add-user.php cross site scripting)
CVE-2024-13072 (CodeAstro Online Food Ordering System Update User Page update_users.php sql injection)
CVE-2024-13074 (1000 Projects Beauty Parlour Management System Customer Detail add-customer-services.php sql injection)
CVE-2024-13075 (PHPGurukul Land Record System index.php cross site scripting)
CVE-2024-13076 (PHPGurukul Land Record System add-propertytype.php cross site scripting)
CVE-2024-13077 (PHPGurukul Land Record System edit-propertytype.php cross site scripting)
CVE-2024-13078 (PHPGurukul Land Record System add-property.php cross site scripting)
CVE-2024-13079 (PHPGurukul Land Record System index.php sql injection)
CVE-2024-13080 (PHPGurukul Land Record System property-details.php sql injection)
CVE-2024-13081 (PHPGurukul Land Record System aboutus.php cross site scripting)
CVE-2024-13082 (PHPGurukul Land Record System contactus.php cross site scripting)
CVE-2024-13083 (PHPGurukul Land Record System search-property.php cross site scripting)
CVE-2024-13084 (PHPGurukul Land Record System admin-profile.php cross site scripting)
CVE-2024-13085 (PHPGurukul Land Record System search-property.php sql injection)
CVE-2024-13086 (PHPGurukul Land Record System login.php sql injection)
CVE-2024-13091 (QTS, QuTS hero)
CVE-2024-13092 (WPBot Pro WordPress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload)
CVE-2024-13093 (code-projects Job Recruitment Job Post search_ajax.php sql injection)
CVE-2024-13094 (code-projects Job Recruitment Seeker Profile _call_main_search_ajax.php sql injection)
CVE-2024-13095 (WP Triggers Lite <= 2.5.3 - Reflected XSS)
CVE-2024-13096 (WP Triggers Lite <= 2.5.3 - Admin+ SQL Injection)
CVE-2024-13097 (WP Finance <= 1.3.6 - Stored XSS via CSRF)
CVE-2024-13098 (WP Finance <= 1.3.6 - Reflected XSS)
CVE-2024-13099 (WP Email Newsletter <= 1.1 - Reflected XSS)
CVE-2024-13100 (Widget4call <= 1.0.7 - Reflected XSS)
CVE-2024-13101 (Woo UPS Pickup <= 2.6.3 - Reflected XSS)
CVE-2024-13102 (WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS)
CVE-2024-13103 (D-Link DIR-816 A2 DDNS Service access control)
CVE-2024-13104 (D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control)
CVE-2024-13105 (D-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access control)
CVE-2024-13106 (D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control)
CVE-2024-13107 (D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control)
CVE-2024-13108 (D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control)
CVE-2024-13109 (D-Link DIR-816 A2 form2NetSniper.cgi access control)
CVE-2024-13110 (Beijing Yunfan Internet Technology Yunfan Learning Examination System doc.html improper authorization)
CVE-2024-13111 (Beijing Yunfan Internet Technology Yunfan Learning Examination System Exam Answer PaperController.java, information disclosure)
CVE-2024-13112 (Beijing Yunfan Internet Technology Yunfan Learning Examination System JWT Token SysUserControl improper authentication)
CVE-2024-13113 (WP MediaTagger <= 4.1.1 - Reflected XSS)