48 matches found
CVE-2025-25382
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...
Information Kerala Mission SANCHAYA 安全漏洞
Information Kerala Mission SANCHAYA is a web-based application of the Information Kerala Mission Government of India department through which citizens can check their tax dues. A security vulnerability exists in Information Kerala Mission SANCHAYA v3.0.4. An attacker can exploit the vulnerability...
CVE-2025-25382
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2023-46886
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...
CVE-2023-46886
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
CVE-2022-48359
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality...
Code injection
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality...
Design/Logic Flaw
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...
U.S. Dept Of Defense: AWS Credentials Disclosure at ███
Sensitive AWS credentials were disclosed through a config.json file found on a server. An attacker could have used these credentials to gain access to sensitive information on the AWS account or perform arbitrary modifications on AWS resources. The affected system host was not disclosed. No CVE...
Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders
Lines of code Vulnerability details function matchOneToOneOrders OrderTypes.MakerOrder calldata makerOrders1, OrderTypes.MakerOrder calldata makerOrders2 external uint256 startGas = gasleft; uint256 numMakerOrders = makerOrders1.length; requiremsg.sender == MATCHEXECUTOR, 'OME';...
WordPress Content Mask plugin has an unspecified vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...
Schneider Electric Modicon M221 PLCs and SoMachine Basic Protection Mechanism Failure (CVE-2017-7575)
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to arbitrarily modify and set system properties...
CVE-2021-33346
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...
Ubuntu: Security Advisory (USN-4679-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Logic flaw vulnerability in ejucms Ar***.php file
EJU real estate system ejucms is a set of localized O2O real estate website platform system. ejucms Ar.php file has a logic flaw vulnerability attackers can exploit the vulnerability to arbitrarily modify the listing information...
Design/Logic Flaw
Samsung Kies before 2.5.0.120942711 has arbitrary directory modification...