{"vulnerability": "CVE-2024-1037", "sightings": [{"uuid": "84983621-689f-445a-824a-d594127e0a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1037", "type": "seen", "source": "https://t.me/ctinow/180565", "content": "https://ift.tt/wRLcJZ7\nCVE-2024-1037", "creation_timestamp": "2024-02-07T08:31:55.000000Z"}, {"uuid": "e0a35328-58f0-48c6-aa46-bf4f2f014e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10379", "type": "seen", "source": "https://t.me/cvedetector/8939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10379 - ESAFENET CDG Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10379 \nPublished : Oct. 25, 2024, 12:15 p.m. | 18\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T14:34:38.000000Z"}, {"uuid": "1a339b26-cb58-474b-8911-279462aa6cca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10378", "type": "seen", "source": "https://t.me/cvedetector/8938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10378 - Esafenet CDG SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10378 \nPublished : Oct. 25, 2024, 12:15 p.m. | 18\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T14:34:38.000000Z"}, {"uuid": "5832aef7-5820-4656-9a14-b65b1f75e82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10374", "type": "seen", "source": "https://t.me/cvedetector/8937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10374 - \"WordPress WP-Members Membership Plugin Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10374 \nPublished : Oct. 25, 2024, 12:15 p.m. | 18\u00a0minutes ago \nDescription : The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T14:34:37.000000Z"}, {"uuid": "3d1eb026-e0b5-44d3-9be9-2bfbaaa4b2d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10371", "type": "seen", "source": "https://t.me/cvedetector/8883", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10371 - SourceCodester Payroll Management System Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-10371 \nPublished : Oct. 25, 2024, 2:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T05:22:43.000000Z"}, {"uuid": "e01ec248-86aa-4be6-a6d0-7ef66a3f3981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10372", "type": "seen", "source": "https://t.me/cvedetector/8882", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10372 - Chidiwilliams Buzz Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10372 \nPublished : Oct. 25, 2024, 2:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T05:22:42.000000Z"}, {"uuid": "c9ccdef6-5cbb-47e7-9ef1-fcdafedfcb5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10370", "type": "seen", "source": "https://t.me/cvedetector/8886", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10370 - Codezips Sales Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10370 \nPublished : Oct. 25, 2024, 2:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T05:22:45.000000Z"}]}