cve.fortera.au
101.234.159.9  Public Scan

Submitted URL: https://cve.fortera.au/
Effective URL: https://cve.fortera.au/cve
Submission: On September 17 via api from US — Scanned from AU

Form analysis: 1 form found in the DOM

GET

<form method="GET">
  <div class="row">
    <div class="col-md-3">
      <div class="form-group">
        <div data-toggle="tooltip" data-container="body" title="" data-original-title="You must be signed in to filter the list of CVE by tag">
          <select class="form-control select2 select2-hidden-accessible" data-placeholder="Select a tag" disabled="" data-select2-id="1" tabindex="-1" aria-hidden="true"></select><span
            class="select2 select2-container select2-container--default select2-container--disabled" dir="ltr" data-select2-id="2" style="width: 255.625px;"><span class="selection"><span class="select2-selection select2-selection--single"
                role="combobox" aria-haspopup="true" aria-expanded="false" tabindex="-1" aria-labelledby="select2-ke20-container"><span class="select2-selection__rendered" id="select2-ke20-container" role="textbox" aria-readonly="true"><span
                    class="select2-selection__placeholder">Select a tag</span></span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span></span></span><span class="dropdown-wrapper"
              aria-hidden="true"></span></span>
        </div>
      </div>
    </div>
    <div class="col-md-3">
      <div class="form-group">
        <select class="form-control select2 select2-hidden-accessible" name="cvss" data-placeholder="Filter by CVSS v3 score" data-select2-id="3" tabindex="-1" aria-hidden="true">
          <option data-select2-id="5"></option>
          <option value="none">None (0.0)</option>
          <option value="low">Low (0.1 - 3.9)</option>
          <option value="medium">Medium (4.0 - 6.9)</option>
          <option value="high">High (7.0 - 8.9)</option>
          <option value="critical">Critical (9.0 - 10.0)</option>
        </select><span class="select2 select2-container select2-container--default" dir="ltr" data-select2-id="4" style="width: 255.625px;"><span class="selection"><span class="select2-selection select2-selection--single" role="combobox"
              aria-haspopup="true" aria-expanded="false" tabindex="0" aria-labelledby="select2-cvss-ud-container"><span class="select2-selection__rendered" id="select2-cvss-ud-container" role="textbox" aria-readonly="true"><span
                  class="select2-selection__placeholder">Filter by CVSS v3 score</span></span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span></span></span><span class="dropdown-wrapper"
            aria-hidden="true"></span></span>
      </div>
    </div>
    <div class="col-md-4">
      <input type="text" placeholder="Search in CVEs" class="form-control" name="search" value="">
    </div>
    <div class="col-md-2">
      <button type="submit" class="btn btn-primary">Search</button>
    </div>
  </div>
</form>

Text Content

VULNERABILITIES (CVE)

Total 263085 CVE

Each entry lists: CVE, Vendors, Products, Updated, CVSS v2, CVSS v3, followed by the description.

 * CVE-2024-8767
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: 9.9 CRITICAL
   Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.

 * CVE-2024-8761
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: 7.2 HIGH
   The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

 * CVE-2024-8337
   Vendors: 1 (Rems); Products: 1 (Contact Manager With Export To Vcf); Updated: 2024-09-17; CVSS v2: 4.0 MEDIUM; CVSS v3: 5.4 MEDIUM
   A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

 * CVE-2024-8490
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: 8.8 HIGH
   The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

 * CVE-2024-8093
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

 * CVE-2024-8092
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

 * CVE-2024-8091
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

 * CVE-2024-8052
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

 * CVE-2024-8051
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

 * CVE-2024-8047
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

 * CVE-2024-8044
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

 * CVE-2024-8043
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

 * CVE-2024-5170
   Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: N/A
   The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

 * CVE-2021-32036
   Vendors: 1 (Mongodb); Products: 1 (Mongodb); Updated: 2024-09-17; CVSS v2: 5.5 MEDIUM; CVSS v3: 7.1 HIGH
   An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

 * CVE-2022-29923
   Vendors: 1 (Thingsforrestaurants); Products: 1 (Quick Restaurant Reservations); Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: 4.8 MEDIUM
   Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS. This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.

 * CVE-2022-24038
   Vendors: 1 (Karmasis); Products: 1 (Infraskope Siem+); Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: 6.5 MEDIUM
   Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed.

 * CVE-2022-24036
   Vendors: 1 (Karmasis); Products: 1 (Infraskope Siem+); Updated: 2024-09-17; CVSS v2: N/A; CVSS v3: 8.6 HIGH
   Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.

 * CVE-2021-44793
   Vendors: 1 (Krontech); Products: 1 (Single Connect); Updated: 2024-09-17; CVSS v2: 5.0 MEDIUM; CVSS v3: 8.6 HIGH
   Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials.

 * CVE-2021-44792
   Vendors: 1 (Krontech); Products: 1 (Single Connect); Updated: 2024-09-17; CVSS v2: 5.0 MEDIUM; CVSS v3: 5.3 MEDIUM
   Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.

 * CVE-2021-35232
   Vendors: 1 (Solarwinds); Products: 1 (Webhelpdesk); Updated: 2024-09-17; CVSS v2: 3.6 LOW; CVSS v3: 6.1 MEDIUM
   Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.

Copyright © 2023 OpenCVE.