Aggregator

Submit #430077 / VDB-281702

Submit #430074 / VDB-281701

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-10353. It is possible to launch the attack remotely. Furthermore, there is an exploit available. This affects a different product and is a different issue than CVE-2024-40480.

Submit #430054 / VDB-255374

Submit #430029 / VDB-255456

捷克的软件开发商 JetBrains 宣布，用于.NET 开发、以及 Unity (C#) 和 Unreal Engine (C++)游戏开发的 IDE Rider 和 Web, JavaScript 和 TypeScript 的 IDE WebStorm 允许非商业用户免费使用。JetBrains 称，今年早些时候，IDE RustRover 和 Aqua 实施了一种新的许可模式，即面向非商业用途免费提供。现在这一模式扩展到 WebStorm 和 Rider。如果用户将这些 IDE 用于非商业用途，例如学习、开源项目开发、内容创建或业余爱好开发，那么现在可以免费使用这些 IDE。这项变动不涉及商业项目，它将继续实施现有的许可模式。其他 JetBrains IDE 也不受此更新的影响。它将根据效果判断是否可以推广带其它 IDE。

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-10351. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #427957 / VDB-281700

A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. This vulnerability was named CVE-2024-10350. The attack can be initiated remotely. Furthermore, there is an exploit available.

msldap是一款用于审计MS AD的LDAP库，广大研究人员可以利用该工具轻松执行针对MS AD的安全审计任务。

Submit #427706 / VDB-281699

Submit #427705 / VDB-281698

Обычное упущение послужило отправной точкой для масштабных атак.

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10348. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-10349. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #427471 / VDB-281697

Submit #427472 / VDB-281696