Giters

Chocapikk / My-CVEs

List of my CVEs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

21 CVEs

  • CVE-2023-50917

    • Link: NVD Detail
    • Description: MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

  • CVE-2024-22899

    • Link: NVD Detail
    • Description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

  • CVE-2024-22900

    • Link: NVD Detail
    • Description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.

  • CVE-2024-22901

    • Link: NVD Detail
    • Description: Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.

  • CVE-2024-22902

    • Link: NVD Detail
    • Description: Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

  • CVE-2024-22903

    • Link: NVD Detail
    • Description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.

  • CVE-2024-25228

    • Link: NVD Detail
    • Description: Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.

  • CVE-2024-30920

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.

  • CVE-2024-30921

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component.

  • CVE-2024-30922

    • Link: NVD Detail
    • Description: SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.

  • CVE-2024-30923

    • Link: NVD Detail
    • Description: SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering.

  • CVE-2024-30924

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.

  • CVE-2024-30925

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.

  • CVE-2024-30926

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.

  • CVE-2024-30927

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.

  • CVE-2024-30928

    • Link: NVD Detail
    • Description: SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc

  • CVE-2024-30929

    • Link: NVD Detail
    • Description: Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php

  • CVE-2024-31818

    • Link: NVD Detail
    • Description: Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.

  • CVE-2024-31819

    • Link: NVD Detail
    • Description: An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

  • CVE-2024-3032

    • Links: NVD Detail WPScan
    • Description: Themify Builder < 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

  • CVE-2024-35373

    • Links: NVD Detail
    • Description: Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.

  • CVE-2024-35374

    • Links: NVD Detail
    • Description: Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, leading to remote code execution (RCE).

About

List of my CVEs