ggfzx

4 exploits Active since Apr 2024
CVE-2024-28995 NOMISEC HIGH SCANNER
SolarWinds Serv-U - Directory Traversal
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
2 stars
CVSS 8.6
CVE-2024-36104 NOMISEC CRITICAL SUSPICIOUS
Apache OFBiz <18.12.14 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.
2 stars
CVSS 9.1
CVE-2024-4577 NOMISEC CRITICAL SUSPICIOUS
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
1 star
CVSS 9.8
CVE-2024-3928 WRITEUP MEDIUM WRITEUP
Dromara open-capacity-platform 2.0.1 - Info Disclosure
A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.
CVSS 4.3