{"vulnerability": "CVE-2024-1017", "sightings": [{"uuid": "b5555f77-fd85-4dbe-a80c-fb18641b7c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10174", "type": "seen", "source": "Telegram/jG0qnbvX7fTNybHA2Dm9xh0V2CY1RIXz7iuktVVzWNHDLRcS", "content": "", "creation_timestamp": "2025-02-06T02:44:19.000000Z"}, {"uuid": "fe9c5648-250a-410f-b0fb-be83ff77e4f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10179", "type": "seen", "source": "https://t.me/cvedetector/10593", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10179 - Slickstream Engagement and Conversions: Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10179 \nPublished : Nov. 12, 2024, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T08:50:25.000000Z"}, {"uuid": "572a16df-538d-42ad-9091-694f4eb0d38a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10174", "type": "seen", "source": "https://t.me/cvedetector/10796", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10174 - WordPress Project Manager Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-10174 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:48:04.000000Z"}, {"uuid": "aa991d85-bf09-436c-9b39-cbac57914c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10176", "type": "seen", "source": "https://t.me/cvedetector/8786", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10176 - \"Compact WP Audio Player Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10176 \nPublished : Oct. 24, 2024, 11:15 a.m. | 40\u00a0minutes ago \nDescription : The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's   \nsc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-24T14:18:32.000000Z"}, {"uuid": "d362f95c-7aa4-4769-8eb7-8aa2be4f82cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10171", "type": "seen", "source": "https://t.me/cvedetector/8384", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10171 - Blood Bank System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10171 \nPublished : Oct. 20, 2024, 5:15 a.m. | 40\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T08:13:24.000000Z"}, {"uuid": "5d2813c0-58c0-425e-b1fc-aadad4e6d686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10173", "type": "seen", "source": "https://t.me/cvedetector/8383", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10173 - \"Didi DDMQ Console Module Remote Authentication Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-10173 \nPublished : Oct. 20, 2024, 5:15 a.m. | 40\u00a0minutes ago \nDescription : A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T08:13:23.000000Z"}, {"uuid": "8002b367-4a92-4477-a7b6-0dcb296c0366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10170", "type": "seen", "source": "https://t.me/cvedetector/8381", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10170 - Apache Code-projects Hospital Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10170 \nPublished : Oct. 20, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T07:23:12.000000Z"}, {"uuid": "824bbb0c-6520-48b2-87e1-cd52f3a753ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10172", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518619341005576", "content": "", "creation_timestamp": "2024-11-21T02:37:47.956736Z"}, {"uuid": "565ec300-28c6-4511-be6c-7939adb86c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10178", "type": "seen", "source": "https://t.me/cvedetector/12063", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10178 - The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for\", \n  \"Content\": \"CVE ID : CVE-2024-10178 \nPublished : Dec. 5, 2024, 5:15 a.m. | 36\u00a0minutes ago \nDescription : The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T06:59:16.000000Z"}, {"uuid": "74b07f7d-9b8e-42f0-9295-ce4f7dbb9844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1017", "type": "seen", "source": "https://t.me/ctinow/189560", "content": "https://ift.tt/XMIsjge\nCVE-2024-1017 | Gabriels FTP Server 1.2 USERNAME denial of service (ID 176714)", "creation_timestamp": "2024-02-21T13:07:04.000000Z"}, {"uuid": "8620ab08-8799-40ad-b492-b875a41f446c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10177", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518619354920860", "content": "", "creation_timestamp": "2024-11-21T02:37:48.628659Z"}, {"uuid": "ccba3b8b-6743-451c-b5ec-942b825d8c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1017", "type": "seen", "source": "https://t.me/ctinow/184293", "content": "https://ift.tt/0Xki2E9\nCVE-2024-1017 Exploit", "creation_timestamp": "2024-02-13T23:16:46.000000Z"}, {"uuid": "693badce-6f9d-4b32-a7a5-954ed871c107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1017", "type": "seen", "source": "https://t.me/ctinow/175515", "content": "https://ift.tt/QHd5nJW\nCVE-2024-1017", "creation_timestamp": "2024-01-29T20:26:11.000000Z"}, {"uuid": "cbba414e-3777-49b9-b167-8ba164f9d09b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10179", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113468664403749745", "content": "", "creation_timestamp": "2024-11-12T06:53:35.909040Z"}, {"uuid": "be6ea750-7719-4083-9c6c-6b2f4e8c2ed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10175", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113553563418668231", "content": "", "creation_timestamp": "2024-11-27T06:44:33.823127Z"}, {"uuid": "3a3daa43-2f1c-4730-b0a1-b0052a1e8c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10178", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113598339968002118", "content": "", "creation_timestamp": "2024-12-05T04:31:47.927111Z"}]}