Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-34882 Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to send SMTP account passwords to an arbitrary server via an HTTP POST request.
network
low complexity
bitrix24 CWE-522
4.9
2024-11-04 CVE-2024-34883 Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy server account passwords via an HTTP GET request.
network
low complexity
bitrix24 CWE-522
4.9
2024-11-04 CVE-2024-34887 Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to send AD/LDAP administrator account passwords to an arbitrary server via an HTTP POST request.
network
low complexity
bitrix24 CWE-522
4.9
2024-11-04 CVE-2024-51127 Unspecified vulnerability in Redhat Hornetq
An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.
local
low complexity
redhat
7.1
2024-11-04 CVE-2024-51326 SQL Injection vulnerability in Projectworlds Travel Management System 1.0
SQL Injection vulnerability in projectworlds Travel Management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
network
low complexity
projectworlds CWE-89
7.5
2024-11-04 CVE-2024-51327 SQL Injection vulnerability in Projectworlds Travel Management System 1.0
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
network
low complexity
projectworlds CWE-89
critical
9.8
2024-11-04 CVE-2024-51329 Code Injection vulnerability in Idrsdev Agile-Board 1.0
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
network
low complexity
idrsdev CWE-94
8.8
2024-11-04 CVE-2024-48809 Allocation of Resources Without Limits or Throttling vulnerability in Aetherproject Onos-A1T and Sdran-In-A-Box
An issue in Open Networking Foundation's sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of sdran-in-a-box, specifically the DeleteWatcher function.
network
low complexity
aetherproject CWE-770
7.5
2024-11-04 CVE-2024-51136 XXE vulnerability in Openimaj 1.3.10
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted XML file.
network
low complexity
openimaj CWE-611
critical
9.8
2024-11-04 CVE-2024-10764 Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0.
network
low complexity
codezips CWE-434
critical
9.8