-
CVE-2025-0173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability
CVE ID : CVE-2025-0173 Published : Jan. 2, 2025, 6:15 p.m. Description : A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to SQL injection. The attack…
-
CVE-2024-56199 – phpMyFAQ HTML Injection Vulnerability
CVE ID : CVE-2024-56199 Published : Jan. 2, 2025, 6:15 p.m. Description : phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of…
-
CVE-2024-11717 – CTFd TokenForgeable Authentication
CVE ID : CVE-2024-11717 Published : Jan. 2, 2025, 5:15 p.m. Description : Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that…
-
CVE-2024-11716 – CTFd Team Bracket Reassignment Vulnerability (Privilege Escalation)
CVE ID : CVE-2024-11716 Published : Jan. 2, 2025, 5:15 p.m. Description : While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining…
-
CVE-2025-0172 – Code-projects Chat System SQL Injection Vulnerability
CVE ID : CVE-2025-0172 Published : Jan. 2, 2025, 4:15 p.m. Description : A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to SQL injection. The attack…
-
CVE-2024-9950 – Forescout SecureConnector Directory Traversal Vulnerability
CVE ID : CVE-2024-9950 Published : Jan. 2, 2025, 4:15 p.m. Description : A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory. Severity: 0.0 | NA
-
CVE-2024-56414 – Acronis Cyber Protect Weak Hash Algorithm Vulnerability
CVE ID : CVE-2024-56414 Published : Jan. 2, 2025, 4:15 p.m. Description : Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. Severity: 5.5 | MEDIUM
-
CVE-2024-56413 – Acronis Cyber Protect Session Invalidation Vulnerability
CVE ID : CVE-2024-56413 Published : Jan. 2, 2025, 4:15 p.m. Description : Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. Severity: 6.1 | MEDIUM
-
CVE-2024-55543 – Acronis Cyber Protect DLL Hijacking
CVE ID : CVE-2024-55543 Published : Jan. 2, 2025, 4:15 p.m. Description : Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. Severity: 7.3 | HIGH
-
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source web application framework used for developing Java web applications. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the…