Alerts | HunCERT group

16 Dec 2024

NA - CVE-2024-55951 - Metabase is an open-source data analytics...

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed...

security-database.com

16 Dec 2024

NA - CVE-2024-55100 - A stored cross-site scripting (XSS)...

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a...

security-database.com

16 Dec 2024

NA - CVE-2024-55103 - Online Nurse Hiring System v1.0 was discovered...

Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.

security-database.com

16 Dec 2024

NA - CVE-2024-55104 - Online Nurse Hiring System v1.0 was discovered...

Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.

security-database.com

16 Dec 2024

NA - CVE-2024-55557 - ui/pref/ProxyPrefView.java in weasis-core in...

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

security-database.com

16 Dec 2024

NA - CVE-2024-29671 - Buffer Overflow vulnerability in NEXTU FLATA...

Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.

security-database.com

16 Dec 2024

NA - CVE-2024-37773 - An HTML injection vulnerability in Sunbird DCIM...

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.

security-database.com

16 Dec 2024

NA - CVE-2024-37774 - A Cross-Site Request Forgery (CSRF) in Sunbird...

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some...

security-database.com

16 Dec 2024

NA - CVE-2024-37775 - Incorrect access control in Sunbird DCIM...

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.

security-database.com

16 Dec 2024

NA - CVE-2024-37776 - A cross-site scripting (XSS) vulnerability in...

A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.

security-database.com

Phone:	+36 1 279 6222 9am to 4pm
E-mail:	@email
Address:	H-1111 Budapest, Kende u. 13-17.