HMS Security Vulnerabilities


CVE-2022-3972

A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the.....

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-11-13 10:15 AM

CVE-2022-3973

A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to SQL injection. It is possible to launch the attack remotely. The exploit.....

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-11-13 10:15 AM

CVE-2022-23364

HMS v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-01-21 11:15 PM

CVE-2022-23366

HMS v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.8 AI Score

0.01 EPSS

2022-01-21 11:15 PM

CVE-2022-23365

HMS v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-01-21 11:15 PM

CVE-2021-42841

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-01-06 09:15 PM

CVE-2020-16230

All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the....

2.3 CVSS

3.8 AI Score

0.0004 EPSS

2020-09-18 07:15 PM

CVE-2013-4241

Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page);...

6.1 CVSS

6.1 AI Score

0.005 EPSS

2020-01-30 09:15 PM

CVE-2013-4240

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the...

7.5 AI Score

0.003 EPSS

2014-04-02 04:05 PM

CVE-2006-1430

Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter.....

5.8 AI Score

0.012 EPSS

2006-03-28 09:02 PM

CVE-2005-4367

Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES).....

6.1 AI Score

0.007 EPSS

2005-12-20 01:03 AM

CVE-2005-4366

Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php,...

8.6 AI Score

0.011 EPSS

2005-12-20 01:03 AM

CVE-2005-4137

SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID...

8.7 AI Score

0.011 EPSS

2005-12-09 03:03 PM

CVE-2005-4136

Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress...

6 AI Score

0.003 EPSS

2005-12-09 03:03 PM