PT-2024-25774 · Sourcecodester · Sourcecodester Online Courseware
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Courseware version 1.0 Description: A problematic issue has been found in the file editt.php, where the manipulation of the id argument leads to cross-site scripting. The attack can be launched remotely. Recommendations:...
PT-2023-31447 · Unknown · Hotel Booking Management
Name of the Vulnerable Software and Affected Versions: Hotel Booking Management version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the npss parameter at the "rooms.php" endpoint. Recommendations: For Hotel Booking Management...
Improper access control
A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product do...
JVN#46895889: RakRak Document Plus vulnerable to path traversal
RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability CWE-22. Impact Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. Solution Update the Software Update the software to t...
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
Overview Trend Micro Apex Central is vulnerable to multiple server-side request forgeries. Trend Micro Incorporated has released Patch 5 build 6481 for Trend Micro Apex Central. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact...
PT-2023-18008 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the load dt data function of storage.c due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privilege...
CLSA-2023-1683815086 Fix CVE(s): CVE-2023-25652, CVE-2023-29007
SECURITY UPDATE: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch - debian/patches/CVE-2023-25652.patch: removing a link instead of writing into ...
VMware Releases Security Update for Aria Operations for Logs
VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs formerly vRealize Log Insight. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...
PT-2023-17839 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the append camera metadata function of camera metadata.c due to a missing bounds check. This could lead to local information disclosure, requiring System...
PT-2023-17086 · Unknown · Syoyo Tinydng
Name of the Vulnerable Software and Affected Versions: syoyo tinydng affected versions not specified Description: A problematic issue has been found, affecting the interceptor memcpy function of the file tiny dng loader.h. This leads to a heap-based buffer overflow. Local access is required for a...
SQL injection
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function getsongrelations of the file app/api/songs.py. The manipulation leads to SQL injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a...
Path Traversal in web-node-server
A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommende...
SQL injection
A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function createpoll/dopoll/showpoll/showrefresh of the file app.py. The manipulation leads to SQL injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is...
XXE
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to XML external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended ...
CVE-2007-10001 web-cyradm search.php SQL injection
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to SQL injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this...
SQL injection
A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to SQL injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifi...
PT-2022-9021 · Modern Tribe · Modern Tribe Panel Builder Plugin
Name of the Vulnerable Software and Affected Versions: Modern Tribe Panel Builder Plugin affected versions not specified Description: A critical vulnerability has been found in the Modern Tribe Panel Builder Plugin, affecting the add post content filtered to search sql function of the...
PT-2022-9017 · Unknown · Sah-Comp Bienlein
Name of the Vulnerable Software and Affected Versions: sah-comp bienlein affected versions not specified Description: A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The...
CVE-2021-4258 whohas Package Information cleartext transmission
A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of th...
PT-2022-27111 · Pdftojson · Pdftojson
Name of the Vulnerable Software and Affected Versions: pdftojson version 94204bb Description: The issue is related to a stack overflow in the Object::copyObject:Object.cc component. This occurs due to a problem in the pdftojson commit 94204bb. Recommendations: For version 94204bb, consider applyi...