575 matches found
CVE-2024-33964
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...
CVE-2024-33962
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...
CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-33971
CVE-2024-33971 describes an SQL injection vulnerability in the PayPal, Credit Card and Debit Card Payment software (version 1.0, janobe products) where an attacker can exploit the username parameter passed to the /login.php endpoint to retrieve data. Documents consistently tie this to SQL injecti...
CVE-2024-33967
CVE-2024-33967 describes an SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by targeting the /AttendanceMonitoring/report/attendance_print.php endpoint. An attacker can craft a query via the view parameter to retrieve all data stored in the system, specificall...
CVE-2024-33966
CVE-2024-33966 concerns a SQL injection in the Janobe product family, specifically in the PayPal, Credit Card and Debit Card Payment software v1.0. The vulnerability arises from unsafe handling of the input in the xtsearch parameter of /admin/mod_reports/index.php, allowing an attacker to potenti...
CVE-2024-33965 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in...
CVE-2024-33965
CVE-2024-33965 is a SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by janobe, exposed via the /tubigangarden/admin/mod_accomodation/index.php?view parameter. Multiple connected sources corroborate that a specially crafted query can exfiltrate stored data. Pub...
CVE-2024-33964 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...
CVE-2024-33962 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...
CVE-2024-33960 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-33960 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-33960
CVE-2024-33960 concerns a SQL injection in Janobe PayPal/Card Payment software v1.0. The vulnerability allows an attacker to craft a query via the parameter named “end” in the endpoint “/admin/mod_reports/printreport.php” and potentially retrieve information stored by the server. Several connecte...
CVE-2024-33959
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in...
CVE-2024-33959
SQL injection in Janobe PayPal product (PayPal, Credit Card and Debit Card Payment) version 1.0 allows an attacker to craft a query to the server and extract all data via the 'categ' parameter in /admin/mod_reports/printreport.php. Affected component is the server-side query handling for reports;...
CVE-2024-33957 SQL injection in Janobe E-Negosyo System
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter...
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...
CVE-2024-36984
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code...
CVE-2024-36984
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code...
CVE-2024-36984
CVE-2024-36984 : Splunk Enterprise on Windows is vulnerable to remote code execution through deserialization via a crafted query. An authenticated user can use a specific query to serialize untrusted data, leading to arbitrary code execution. Affected versions are Windows builds of Splunk Enterpr...