This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.
This vulnerability allows remote attackers to escalate privileges on Microsoft GitHub. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.9.
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5.
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-38856.
Posted by Thomas Weber via Fulldisclosure on Aug 05
CyberDanube Security Research 20240805-0
——————————————————————————-
title| Multiple Vulnerabilities in JetPort Series
product| Korenix JetPort Series
vulnerable version| 1.2
fixed version| None
CVE number| CVE-2024-7395, CVE-2024-7396, CVE-2024-7397
impact| High
homepage| https://www.korenix.com/…
Posted by masquerad3r on Aug 05
Hello team,
Please find the attached POC for CVE-2024-40101 for publication.
Regards,
Prerak Mittal
# Exploit Title: Microweber <=v2.0.15 – Reflected Cross-Site Scripting (XSS)
# Date: 16.07.2024
# Exploit Author: Prerak Mittal
# Vendor Homepage: https://microweber.org/
# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15
# Version: <=v2.0.15
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-40101
# Description:
## App…
Rory McNamara reported a local privilege escalation in wpasupplicant: A
user able to escalate to the netdev group can load arbitrary shared
object files in the context of the wpa_supplicant process running as
root.
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of Java sandbox restrictions.
