Lucene search
+L

277 matches found

OSV
OSV
added 2024/03/20 6:15 a.m.6 views

CVE-2024-2676

A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS5.7AI score0.00533EPSS
Exploits1References3
OSV
OSV
added 2024/03/20 5:15 a.m.3 views

CVE-2024-2672

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The...

6.5CVSS5.7AI score0.00601EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.8 views

Campcodes Online Job Finder System SQL Injection Vulnerability

Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a SQL injection vulnerability in the JOBREGID parameter of the /admin/applicants/controller.p...

6.5CVSS7.9AI score0.00496EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.5 views

Campcodes Online Job Finder System Security Vulnerability

Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a cross-site scripting vulnerability in the EMPLOYEEID parameter of the...

6.1CVSS6.1AI score0.00595EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.7 views

PT-2024-21511 · Unknown · Campcodes Online Job Finder System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the JOBREGID argument leads to SQL...

6.5CVSS7.2AI score0.00496EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.4 views

PT-2024-21508 · Unknown · Campcodes Online Job Finder System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown functionality of the file /admin/category/controller.php. The manipulation of the CATEGORYID argument lead...

6.5CVSS7.1AI score0.00496EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2024/03/15 12:0 a.m.8 views

The vulnerability of the Jenkins HTML Publisher plugin, which exists due to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks and determine whether a path to the Jenkins controller’s file system exists.

The vulnerability of the Jenkins HTML Publisher plugin exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and determine whether there is a path to the Jenkins controller’...

9CVSS6.6AI score0.00698EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/03/06 5:15 p.m.9 views

CVE-2024-28151

Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...

4.3CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2024/03/06 5:15 p.m.6 views

CVE-2024-20345

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

6.5CVSS5.8AI score0.02155EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:54 a.m.33 views

BIT-JENKINS-2023-43498

In Jenkins LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to rea...

8.1CVSS7.9AI score0.008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.6 views

PT-2024-2178 · Cisco · Cisco Appdynamics Controller

Name of the Vulnerable Software and Affected Versions: Cisco AppDynamics Controller affected versions not specified Description: A vulnerability in the file upload functionality could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This issue ...

6.8CVSS6.8AI score0.02155EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.6 views

71CMS Security Breach

71CMS is xiaocheng-keji open source a smart party building system. 71CMS v.1.0.0 version has a security vulnerability. Attackers use this vulnerability to execute arbitrary code via the uploadfile parameter in the controller.php file...

6.1CVSS7.7AI score0.00549EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.11 views

PT-2024-18238 · Shopwind · Shopwind

Name of the Vulnerable Software and Affected Versions: Shopwind versions up to 4.6 Description: A critical issue affects the actionCreate function of the /public/install/controllers/DefaultController.php file in the Installation component, leading to code injection. The attack can be initiated...

8.1CVSS6.2AI score0.00594EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.7 views

Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC Security Vulnerabilities

Honeywell ControlEdge VirtualUOC and Honeywell ControlEdge UOC are both products of Honeywell, Inc.Honeywell ControlEdge VirtualUOC is a virtual unit operator controller. Honeywell ControlEdge UOC is a unit operation controller. A security vulnerability exists in the Honeywell ControlEdge Virtual...

5.3CVSS6.5AI score0.0057EPSS
Exploits0References3
OSV
OSV
added 2024/01/24 6:15 p.m.6 views

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

6.5CVSS6.9AI score
Exploits0References2
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

ZhiCms Code Issues Vulnerabilities

ZhiCms is a professional buy-worthy system of ZhiCms community. ZhiCms 4.0 before the version of the code problem vulnerability, the vulnerability stems from app/plug/controller/giftcontroller.php in the existence of unknown parts, through the parameter mylike lead to deserialization...

9.8CVSS7AI score0.00857EPSS
Exploits0References4
OSV
OSV
added 2023/12/13 6:15 p.m.22 views

CVE-2023-50774

A cross-site request forgery CSRF vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...

8.1CVSS8.2AI score
Exploits0References2
Prion
Prion
added 2023/12/13 6:15 p.m.22 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...

5.8CVSS7.1AI score0.00493EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/13 5:30 p.m.36 views

CVE-2023-50776

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

5.4AI score0.00339EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/13 5:30 p.m.34 views

CVE-2023-50774

A cross-site request forgery CSRF vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...

8.3AI score0.00493EPSS
Exploits0References2
Rows per page
Query Builder