277 matches found
CVE-2024-2676
A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2024-2672
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The...
Campcodes Online Job Finder System SQL Injection Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a SQL injection vulnerability in the JOBREGID parameter of the /admin/applicants/controller.p...
Campcodes Online Job Finder System Security Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a cross-site scripting vulnerability in the EMPLOYEEID parameter of the...
PT-2024-21511 · Unknown · Campcodes Online Job Finder System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the JOBREGID argument leads to SQL...
PT-2024-21508 · Unknown · Campcodes Online Job Finder System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown functionality of the file /admin/category/controller.php. The manipulation of the CATEGORYID argument lead...
The vulnerability of the Jenkins HTML Publisher plugin, which exists due to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks and determine whether a path to the Jenkins controller’s file system exists.
The vulnerability of the Jenkins HTML Publisher plugin exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and determine whether there is a path to the Jenkins controller’...
CVE-2024-28151
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...
CVE-2024-20345
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
BIT-JENKINS-2023-43498
In Jenkins LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to rea...
PT-2024-2178 · Cisco · Cisco Appdynamics Controller
Name of the Vulnerable Software and Affected Versions: Cisco AppDynamics Controller affected versions not specified Description: A vulnerability in the file upload functionality could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This issue ...
71CMS Security Breach
71CMS is xiaocheng-keji open source a smart party building system. 71CMS v.1.0.0 version has a security vulnerability. Attackers use this vulnerability to execute arbitrary code via the uploadfile parameter in the controller.php file...
PT-2024-18238 · Shopwind · Shopwind
Name of the Vulnerable Software and Affected Versions: Shopwind versions up to 4.6 Description: A critical issue affects the actionCreate function of the /public/install/controllers/DefaultController.php file in the Installation component, leading to code injection. The attack can be initiated...
Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC Security Vulnerabilities
Honeywell ControlEdge VirtualUOC and Honeywell ControlEdge UOC are both products of Honeywell, Inc.Honeywell ControlEdge VirtualUOC is a virtual unit operator controller. Honeywell ControlEdge UOC is a unit operation controller. A security vulnerability exists in the Honeywell ControlEdge Virtual...
CVE-2024-23899
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
ZhiCms Code Issues Vulnerabilities
ZhiCms is a professional buy-worthy system of ZhiCms community. ZhiCms 4.0 before the version of the code problem vulnerability, the vulnerability stems from app/plug/controller/giftcontroller.php in the existence of unknown parts, through the parameter mylike lead to deserialization...
CVE-2023-50774
A cross-site request forgery CSRF vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50776
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-50774
A cross-site request forgery CSRF vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...