WarmBrew

15 exploits Active since Feb 2024
CVE-2024-30802 GITHUB CRITICAL WRITEUP
Vehicle Management System <7.31.0.3 - Privilege Escalation
An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.
3 stars
CVSS 9.8
CVE-2024-30801 GITHUB MEDIUM WRITEUP
Cloud based customer service management platform <1.0.0 - SQL Injec...
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
3 stars
CVSS 5.5
CVE-2024-39178 GITHUB MEDIUM WRITEUP
MyPower vc8100 - Info Disclosure
MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.
3 stars
CVSS 5.4
CVE-2024-42676 GITHUB HIGH WRITEUP
Huizhi Enterprise Resource Management <1.0 - RCE
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload.Aspx?Action=DNPageAjaxPostBack component.
3 stars
CVSS 8.8
CVE-2024-42677 GITHUB MEDIUM WRITEUP
Huizhi Enterprise Resource Management <1.0 - Info Disclosure
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle.Aspx component.
3 stars
CVSS 5.5
CVE-2024-42678 GITHUB MEDIUM WRITEUP
Super easy enterprise management system <1.0.0 - XSS
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component.
3 stars
CVSS 6.1
CVE-2024-42679 GITHUB HIGH WRITEUP
Super easy enterprise management system <1.0.0 - SQL Injection
SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component.
3 stars
CVSS 7.8
CVE-2024-42680 GITHUB MEDIUM WRITEUP
Super easy enterprise management system <1.0.0 - Info Disclosure
An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.
3 stars
CVSS 5.5
CVE-2024-44756 GITHUB CRITICAL WRITEUP
NUS-M9 ERP Mgmt SW v3.0.0 - SQL Injection
NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.
3 stars
CVSS 9.8
CVE-2024-44757 GITHUB HIGH WRITEUP
NUS-M9 ERP Mgmt <3.0.0 - Info Disclosure
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
3 stars
CVSS 7.5
CVE-2024-44758 GITHUB CRITICAL WRITEUP
NUS-M9 ERP Management Software <3.0.0 - Code Injection
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.
3 stars
CVSS 9.8
CVE-2024-44759 GITHUB HIGH WRITEUP
NUS-M9 ERP Mgmt <3.0.0 - Info Disclosure
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
3 stars
CVSS 7.5
CVE-2024-44760 GITHUB HIGH WRITEUP
Shenzhou News Union Enterprise Management System <18.8 - Incorrect Access Control
Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.
3 stars
CVSS 7.5
CVE-2024-44761 GITHUB CRITICAL WRITEUP
EQ Enterprise Management System <2.0.0 - Path Traversal
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
3 stars
CVSS 9.8
CVE-2024-22547 GITHUB MEDIUM WRITEUP
WayOS IBR-7150 <17.06.23 - XSS
WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).
3 stars
CVSS 4.7