CVE-2024-37859 – Lost And Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37859
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. • http://lost.com https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37857 – Lost And Found Information System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-37857
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. • http://lost.com https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-37858 – Lost And Found Information System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-37858
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. • http://lost.com https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html https://www.sourcecodester.com • CWE-269: Improper Privilege Management •
CVE-2024-37856 – Lost And Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37856
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. • http://lost.com https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36586
https://notcve.org/view.php?id=CVE-2024-36586
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. • https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md • CWE-269: Improper Privilege Management •