40 matches found
EUVD-2010-3104
Malware in sbrugna...
EUVD-2024-27545
Malicious code in bioql PyPI...
EUVD-2024-27548
Malicious code in bioql PyPI...
EUVD-2024-27536
Malicious code in bioql PyPI...
EUVD-2024-27539
Malicious code in bioql PyPI...
EUVD-2024-27538
Malicious code in bioql PyPI...
EUVD-2024-27541
Malicious code in bioql PyPI...
EUVD-2024-27533
Malicious code in bioql PyPI...
EUVD-2024-27544
Malicious code in bioql PyPI...
EUVD-2024-27546
Malicious code in bioql PyPI...
EUVD-2024-27547
Malicious code in bioql PyPI...
CVE-2024-2599
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...
CVE-2024-2593
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailgroup.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a special...
CVE-2024-2598
CVE-2024-2598 affects AMSS++ version 4.31, with a Cross-Site Scripting (XSS) vulnerability due to insufficient encoding of user-controlled input in multiple parameters of the /amssplus/modules/book/main/select_send_2.php endpoint. Exploitation could allow a remote attacker to lure an authenticate...
CVE-2024-2597 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailschoolperson.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a...
CVE-2024-2596 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2594
AMSS++ 4.31 is affected by a Cross-Site Scripting (XSS) vulnerability due to insufficient encoding of user-controlled input in multiple parameters on /amssplus/admin/index.php. Root cause: input is not properly encoded, enabling a remote attacker to craft a URL that, when visited by an authentica...
CVE-2024-2592 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/picshow.php, in the 'personid' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2591 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetailgroup.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2590
AMSS++ 4.31 is affected by an SQL injection in the sd_index parameter of /amssplus/modules/mail/main/select_send.php. The issue allows a remote attacker to craft SQL queries to the database and exfiltrate data. Several connected sources (including PT-2024-21192 and CVE records) corroborate the vu...