35 matches found
CVE-2025-10804
CVE-2025-10804 impacts Campcodes Online Beauty Parlor Management System 1.0, specifically the file /admin/add-customer.php. The vulnerability arises from manipulation of the mobilenum parameter, leading to a SQL injection. It is exploitable remotely and the exploit is public. Various sources rate...
CVE-2025-10804 Campcodes Online Beauty Parlor Management System add-customer.php sql injection
A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Manipulation of the argument mobilenum results in SQL injection. The attack can be initiated remotely. The exploi...
CVE-2019-10804
serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804
creationtimestamp | type | source
---|---|---
2025-03-07 08:35:04+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6817
2025-03-08 04:34:56+00:00 | seen | Telegram/vIKFwTGY3sbfywu7KH3zgXq94bykvhw1AKV3z25wU-LQg0...
CVE-2024-10804
CVE-2024-10804 describes a directory traversal vulnerability in the Ultimate Video Player WordPress & WooCommerce Plugin (≤ v10.0) that permits unauthenticated attackers to read arbitrary server files via content/downloader.php. The associated metrics show a CVSS v3.1 base score of 7.5 (High) wit...
CVE-2024-10804 Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
Linux Distros Unpatched Vulnerability : CVE-2018-10804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. CVE-2018-10804 Note that Nessus relies on the presence of the package as...
Important: ImageMagick
Issue Overview: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service segmentation fault or possibly execute arbitrary code via vectors involving the offset variable. CVE-2016-5841 ImageMagick 7.0.7-12 Q16, a CPU exhaustion...
Mageia: Security Advisory (MGASA-2020-0150)
The remote host is missing an update for the...
@concepto/eb (>=1.1.7 <=1.1.95), @concepto/nuxt (=1.9.427) +11 more potentially affected by CVE-2019-10804 via serial-number (>=0.3.0 <=1.3.0)
serial-number NPM version =0.3.0, =1.1.7, =0.0.1, =1.9.35, =1.1.0, =1.1.1, =0.2.1, =0.1.4, =0.1.1, =0.1.24, =2.5.0, =3.1.1 Source cves: CVE-2019-10804 Source advisory: OSV:GHSA-3FW4-4H3M-892H...
USN-4639-1: phpMyAdmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...
openSUSE Security Update : phpMyAdmin (openSUSE-2020-1806)
This update for phpMyAdmin fixes the following issues : phpMyAdmin was updated to 4.9.7 boo1177842 : - Fix two factor authentication that was broken in 4.9.6 - Fix incompatibilities with older PHP versions Update to 4.9.6 : - Fixed XSS relating to the transformation feature boo1177561...
openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2020:1806-1)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1806)
The remote host is missing an update for the Huawei EulerOS...
DEBIAN-CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. A malicious user with access to the server could create a crafted username, and then...
CVE-2020-10804
phpMyAdmin exposes a SQL injection in the retrieval of the current username. Affected versions are 4.x before 4.9.5 and 5.x before 5.0.2, with the flaw located in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. An attacker with server access can craft a username to...
SQL injection with processing username
PMASA-2020-2 Announcement-ID: PMASA-2020-2 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection with processing username Description An SQL injection vulnerability was found in how phpMyAdmin retrieves the current username. A malicious user with access to the server could create a...
CVE-2019-10804
creationtimestamp | type | source
---|---|---
2020-02-29 00:33:03+00:00 | seen | https://t.me/cibsecurity/10187...