CVE list 2024/8xxx

CVEs in group: 8xxx

CVE-2024-8066 (Click for details)

CVE-2024-8067 (File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload)

CVE-2024-8068 (Unicode “best fit” argument injection)

CVE-2024-8069 (Privilege escalation to NetworkService Account access)

CVE-2024-8070 (Limited remote code execution with privilege of a NetworkService Account access)

CVE-2024-8071 (Click for details)

CVE-2024-8072 (System Role with edit access to permissions can elevate themselves to system admin)

CVE-2024-8073 (Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users)

CVE-2024-8074 (Command Injection Vulnerability in Hillstone Networks Web Application Firewall)

CVE-2024-8075 (Sensitive Data Exposure in Nomysoft Informatics’ Nomysem)

CVE-2024-8076 (TOTOLINK AC1200 T8 setDiagnosisCfg os command injection)

CVE-2024-8077 (TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow)

CVE-2024-8078 (TOTOLINK AC1200 T8 setTracerouteCfg os command injection)

CVE-2024-8079 (TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow)

CVE-2024-8080 (TOTOLINK AC1200 T8 exportOvpn buffer overflow)

CVE-2024-8081 (SourceCodester Online Health Care System search.php sql injection)

CVE-2024-8083 (itsourcecode Payroll Management System login.php sql injection)

CVE-2024-8084 (SourceCodester Online Computer and Laptop Store Master.php sql injection)

CVE-2024-8086 (SourceCodester Online Computer and Laptop Store Setting SystemSettings.php cross site scripting)

CVE-2024-8087 (SourceCodester E-Commerce System Admin Login login.php sql injection)

CVE-2024-8088 (SourceCodester E-Commerce System popup_Item.php sql injection)

CVE-2024-8089 (Infinite loop when iterating over zip archive entry names from zipfile.Path)

CVE-2024-8091 (SourceCodester E-Commerce System controller.php unrestricted upload)

CVE-2024-8092 (Enhanced Search Box <= 0.6.1 - Settings Update via CSRF)

CVE-2024-8093 (Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF)

CVE-2024-8096 (Posts reminder <= 0.20 - Settings Update via CSRF)

CVE-2024-8097 (OCSP stapling bypass with GnuTLS)

CVE-2024-8099 (Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level)

CVE-2024-8101 (Server-Side Request Forgery (SSRF) in vanna-ai/vanna)

CVE-2024-8102 (Stored XSS in aimhubio/aim)

CVE-2024-8103 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update)

CVE-2024-8104 (WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter)

CVE-2024-8105 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download)

CVE-2024-8106 (Insecure Platform Key (PK) used in UEFI system firmware signature)

CVE-2024-8107 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure)

CVE-2024-8108 (Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload)

CVE-2024-8110 (Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter)

CVE-2024-8112 (Click for details)

CVE-2024-8113 (thinkgem JeeSite Cookie login cross site scripting)

CVE-2024-8114 (Stored XSS in Placeholder Samples in Mail Preview)

CVE-2024-8116 (Missing Authorization in GitLab)

CVE-2024-8117 (Incorrect Authorization in GitLab)

CVE-2024-8118 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option)

CVE-2024-8119 (Grafana alerting wrong permission on datasource rule write endpoint)

CVE-2024-8120 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page)

CVE-2024-8121 (ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions)

CVE-2024-8123 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change)

CVE-2024-8124 (The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference)

CVE-2024-8125 (Inefficient Regular Expression Complexity in GitLab)

CVE-2024-8126 (A remote code vulnerability has been discovered in OpenText™ Content Management.)

CVE-2024-8127 (Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload)

CVE-2024-8128 (D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_unzip command injection)

CVE-2024-8129 (D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection)

CVE-2024-8130 (D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection)

CVE-2024-8131 (D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3 command injection)

CVE-2024-8132 (D-Link DNS-1550-04 HTTP POST Request apkg_mgr.cgi module_enable_disable command injection)

CVE-2024-8133 (D-Link DNS-1550-04 HTTP POST Request webdav_mgr.cgi webdav_mgr command injection)

CVE-2024-8134 (D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_R5_SpareDsk_DiskMGR command injection)

CVE-2024-8135 (D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_Std2R5_1st_DiskMGR command injection)

CVE-2024-8136 (Go-Tribe gotribe token.go Sign hard-coded credentials)

CVE-2024-8137 (SourceCodester Record Management System sort1_user.php cross site scripting)

CVE-2024-8138 (SourceCodester Record Management System search_user.php cross site scripting)

CVE-2024-8139 (code-projects Pharmacy Management System Parameter index.php editManager sql injection)

CVE-2024-8140 (itsourcecode E-Commerce Website search_list.php sql injection)

CVE-2024-8141 (SourceCodester Task Progress Tracker update-task.php cross site scripting)

CVE-2024-8142 (SourceCodester Daily Calories Monitoring Tool add-calorie.php cross site scripting)

CVE-2024-8143 (SourceCodester Daily Calories Monitoring Tool delete-calorie.php cross site scripting)

CVE-2024-8144 (Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt)

CVE-2024-8145 (ClassCMS Logo admin cross site scripting)

CVE-2024-8146 (ClassCMS Article admin cross site scripting)

CVE-2024-8147 (code-projects Pharmacy Management System index.php sql injection)

CVE-2024-8148 (code-projects Pharmacy Management System index.php sql injection)

CVE-2024-8149 (BUG-000168624 – Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1 and 10.8.1))

CVE-2024-8150 (BUG-000168624 – Unvalidated redirect in Portal for ArcGIS.)

CVE-2024-8151 (ContiNew Admin user sql injection)

CVE-2024-8152 (SourceCodester Interactive Map with Marker delete-mark.php cross site scripting)

CVE-2024-8153 (SourceCodester QR Code Bookmark System Parameter add-bookmark.php cross site scripting)

CVE-2024-8154 (SourceCodester QR Code Bookmark System delete-bookmark.php cross site scripting)

CVE-2024-8155 (SourceCodester QR Code Bookmark System Parameter update-bookmark.php cross site scripting)

CVE-2024-8156 (ContiNew Admin tree sql injection)