CyberSecurityBoard
Sponsor Register Login

CVE-2024-2823

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Publication date: Fri, 22 Mar 2024 22:15:00 +0000


Cyber News related to CVE-2024-2823

CVE-2024-57903 - In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex ...
5 months ago Tenable.com
CVE-2024-38641 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. ...
9 months ago
CVE-2024-21906 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. ...
9 months ago
CVE-2024-32763 - A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. ...
9 months ago
CVE-2024-53691 - A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have ...
6 months ago Tenable.com
CVE-2024-32765 - A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. ...
10 months ago
CVE-2024-57896 - In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() ...
5 months ago Tenable.com
CVE-2024-2823 - A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The ...
1 year ago
CVE-2014-8985 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
7 years ago
CVE-2014-4145 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
7 years ago
CVE-2014-2823 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago
CVE-2014-2811 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago
CVE-2014-4057 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago
CVE-2014-2822 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago
CVE-2014-2810 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago
CVE-2009-2823 - The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. ...
15 years ago
CVE-2010-2823 - Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, ...
13 years ago
CVE-2013-2823 - The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, ...
11 years ago
CVE-2015-2823 - Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime ...
8 years ago
CVE-2007-2823 - Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information. ...
7 years ago
CVE-2012-2823 - Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources. ...
7 years ago
CVE-2008-2823 - SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. ...
7 years ago
CVE-2006-2823 - Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) ...
6 years ago
CVE-2018-2823 - Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with ...
5 years ago
CVE-2020-2823 - Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)