NA - CVE-2024-39737 - IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7,...
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...
NA - CVE-2024-39739 - IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7,...
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the...
NA - CVE-2024-39729 - IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7,...
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the...
NA - CVE-2024-39735 - IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7,...
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...
NA - CVE-2024-39740 - IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7,...
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system....
NA - CVE-2024-39741 - IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7,...
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing...
High - CVE-2024-6737 - The access control in the Electronic Official...
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account...
Medium - CVE-2024-6738 - The tumbnail API of Tronclass from WisdomGarden...
The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
NA - CVE-2024-6739 - The session cookie in MailGates and MailAudit...
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
NA - CVE-2024-6745 - A vulnerability classified as critical has been...
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The...