59 matches found
Cross site scripting
Cross Site Scripting XSS vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL...
CVE-2023-36317
Cross Site Scripting XSS vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL...
CVE-2021-34249
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL...
Sql injection
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL...
CVE-2021-34249
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL...
CVE-2021-34249
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL...
TPCMS Access Control Error Vulnerability (CNVD-2023-09604)
TPCMS is a source of happiness Source of Happiness individual developers of an open source content management system. An access control error vulnerability exists in TPCMS version 3.2. A remote attacker could exploit this vulnerability to obtain sensitive information via the application URL...
Improper access control
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL...
CVE-2021-36544
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL...
Library Management System With QR Code 1.0 Shell Upload
Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
CVE-2022-22690
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" or just "ApplicationUrl" is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the...
Default credentials
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" or just "ApplicationUrl" is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the...
Open redirect
SAP Solution Manager Trace Analysis, version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the...
CVE-2020-14024
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the 1 Receiver or Recipient field in the Mailbox feature, 2 OZFORMGROUPNAME field in the Group configuration of addresses, 3 listname field in the Defining address lists configuration, o...
Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462)
Summary A clickjacking vulnerability has been reported for the administrative tool ACCE of the embedded component used by IBM BPM document store. Vulnerability Details CVEID: CVE-2013-5462 DESCRIPTION: The IBM Content Navigator application URL can be opened within a frame in a Web page. In this...
CVE-2017-3966
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...
CVE-2017-3966
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...
CVE-2017-3966
CVE-2017-3966 affects the web interface of McAfee Network Security Management (NSM) prior to 8.2.7.42.2. The issue is exploitation of session variables, resource IDs and other trusted credentials via reuse of an exposed session token in the application URL. This can allow remote attackers to affe...
CVE-2017-3966 SB10192 - Network Security Management (NSM) - Exploitation of session variables, resource IDs and other trusted credentials vulnerability
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...