Lucene search

404 matches found

Positive Technologies
added 2023/05/17 12:0 a.m. · 4 views

PT-2023-21305 · Sourcecodester · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0 Description: A critical issue has been found in the processing of the file /jurusanmatkul/data, where the manipulation of the argument columns1data leads to SQL injection. The attack can be...

CVSS 8.8 · AI score 7.2 · EPSS 0.00297
Exploits 1 · References 5

OSV
added 2023/03/16 9:7 p.m. · 3 views

CLSA-2023-1679000846 Fix of 6 CVEs

SECURITY UPDATE: New microcode data file 2023-02-14 - New microcodes: sig 0x000606c1, pfmask 0x10, 2022-09-23, rev 0x1000211, size 289792 sig 0x000806f4, pfmask 0x10, 2022-12-19, rev 0x2c000170, size 600064 sig 0x000806f4, pfmask 0x87, 2022-12-27, rev 0x2b000181, size 561152 sig 0x000806f5, pfmas...

CVSS 7.5 · AI score 6.8 · EPSS 0.00143
Exploits 0 · References 1

CNNVD
added 2023/03/13 12:0 a.m. · 2 views

bumsys SQL injection vulnerability

bumsys is an open source project called Business Management System by unilogies individual developers. unilogies bumsys versions before v2.0.2 have a SQL injection vulnerability; the vulnerability stems from core/ajax/ajaxdata.php in the SQL injection...

CVSS 7.2 · AI score 6.8 · EPSS 0.00273
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-0863

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file...

CVSS 2.1 · AI score 6.7 · EPSS 0.0004
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:41 a.m. · 1 views

SUSE CVE-2017-12961

There is an assertion abort in the function parse_attributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...

CVSS 7.5 · AI score 7.7 · EPSS 0.0027
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:35 a.m. · 2 views

SUSE CVE-2017-18258

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

CVSS 3.3 · AI score 7 · EPSS 0.00898
Exploits 0 · References 23

SUSE CVE
added 2023/02/15 4:13 a.m. · 1 views

SUSE CVE-2019-10879

In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled...

CVSS 9.8 · AI score 9.8 · EPSS 0.04026
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 4:12 a.m. · 2 views

SUSE CVE-2019-11498

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data...

CVSS 3.3 · AI score 6.8 · EPSS 0.03433
Exploits 1 · References 8

SUSE CVE
added 2023/02/15 4:8 a.m. · 1 views

SUSE CVE-2019-16225

An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

CVSS 9.8 · AI score 9.2 · EPSS 0.00418
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:54 a.m. · 2 views

SUSE CVE-2020-24332

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...

CVSS 5.5 · AI score 7 · EPSS 0.00188
Exploits 1 · References 3

CNNVD
added 2022/12/15 12:0 a.m. · 1 views

Apple iOS security vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS versions prior to 16, which stems from a problem with the path to a file used to store website data, and can be exploited by an attacker to access browsing history. The...

CVSS 5.3 · AI score 6.8 · EPSS 0.00298
Exploits 0 · References 4

CNNVD
added 2022/12/12 12:0 a.m. · 1 views

SAP Solution Manager security vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVSS 6 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 4

OSV
added 2022/09/29 3:15 a.m. · 3 views

CVE-2020-15329

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions...

CVSS 5.3 · AI score 5.8 · EPSS 0.00159
Exploits 1 · References 2

ATTACKERKB
added 2022/02/14 9:15 p.m. · 4 views

CVE-2022-23902

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter...

CVSS 9.8 · AI score 7.4 · EPSS 0.00264
Exploits 1 · References 2

Positive Technologies
added 2022/02/14 12:0 a.m. · 2 views

PT-2022-16322 · Unknown · Tongda2000

Name of the Vulnerable Software and Affected Versions: Tongda2000 version 11.10 Description: A SQL injection issue was found in export_data.php via the d_name parameter. This allows for potential exploitation. Recommendations: For Tongda2000 version 11.10, consider restricting access to the expor...

CVSS 9.8 · AI score 9.8 · EPSS 0.00264
Exploits 1 · References 5

Tenable Nessus
added 2022/02/07 12:0 a.m. · 22 views

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14473)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

CVSS 10 · AI score 7.4 · EPSS 0.42565
Exploits 1 · References 3

Tenable Nessus
added 2022/02/07 12:0 a.m. · 26 views

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14472)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

CVSS 10 · AI score 7.4 · EPSS 0.42565
Exploits 1 · References 3

Tenable Nessus
added 2022/02/07 12:0 a.m. · 23 views

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14463)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

CVSS 10 · AI score 7.3 · EPSS 0.36951
Exploits 1 · References 3

CNNVD
added 2022/02/04 12:0 a.m. · 2 views

Codex cross-site scripting vulnerability

Codex is a free notebook software for programmers and computer science majors from the US-based individual developer Josh Vickery. A cross-site scripting vulnerability exists in Codex versions prior to 1.4.0, which stems from a lack of effective filtering and escaping of the Name field of...

CVSS 6.1 · AI score 6.4 · EPSS 0.01302
Exploits 1 · References 3

Prion
added 2021/12/24 7:15 a.m. · 14 views

Design/Logic Flaw

Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...

CVSS 3.3 · AI score 7.8 · EPSS 0.0009
Exploits 0 · References 2 · Affected Software 5