Vulnerability Summary for the Week of December 23, 2024

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
1000 Projects–Attendance Tracking Management System	A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	2024-12-23	7.3	CVE-2024-12899
Global Wisdom Software–ANCHOR	ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials.	2024-12-23	8.4	CVE-2024-12902
Huawei–FusionCompute	There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010) This vulnerability has been as […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of December 23, 2024 Related Tags: Bulletins EN Post navigation ← SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach Cisco states that the second data leak is linked to the one from October → Search for: Social Social Media Daily summary Weekly summary Privacy Policy Legal & Contact Contact Apps Advertising Daily Summary Enter your email address: GDPR compliance Categories Categories Log in Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Primary
Vendor — Product

Description

Published

CVSS Score

Source Info

1000 Projects–Attendance Tracking Management System

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

2024-12-23

7.3

CVE-2024-12899

Global Wisdom Software–ANCHOR

ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials.

2024-12-23

8.4

CVE-2024-12902

Huawei–FusionCompute

There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010) This vulnerability has been as

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of December 23, 2024

← SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

Cisco states that the second data leak is linked to the one from October →

High Vulnerabilities

Read the original article:

Related

Post navigation