Pool Security Vulnerabilities

CVE-2024-6371

A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument rmtype_id leads to sql injection. The attack may be...

CVE-2024-6111

A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2024-6112

A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument log_email leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2024-6084

A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to...

CVE-2024-29802

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through...

CVE-2021-29057

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of...

CVE-2017-18524

The football-pool plugin before 2.6.5 for WordPress has multiple XSS...

CVE-2014-4010

SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified...

CVE-2011-4970

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4)...

CVE-2012-2677

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than...

CVE-2009-2606

ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for...

CVE-2007-4482

Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...

CVE-2007-4186

PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...

CVE-2006-0198

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a...

CVE-2006-0185

Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG...