Lucene search
+L

49 matches found

Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.328 views

Campcodes Online Hospital Management System 1.0 - SQL Injection

Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/online-hospital-management-system-using-php-and-mysql/ Version: 1.0 Teste...

9.8CVSS7.1AI score0.00758EPSS
Exploits3
OSV
OSV
added 2025/05/12 1:15 a.m.4 views

CVE-2025-4553

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may...

9.8CVSS5.8AI score0.00432EPSS
Exploits1References5
OSV
OSV
added 2025/04/29 6:15 p.m.3 views

CVE-2025-4074

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack...

9.8CVSS5.8AI score0.00498EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.3 views

PT-2024-25883 · Sourcecodester · Sourcecodester Prison Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Prison Management System. This issue affects the file /Employee/apply leave.php, where the manipulation of the txtsta...

5.4CVSS4.3AI score0.0055EPSS
Exploits1References7
Prion
Prion
added 2024/02/23 3:15 p.m.11 views

Cross site scripting

Wallos 0.9 is vulnerable to Cross Site Scripting XSS in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...

6.3AI score0.00474EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/23 12:0 a.m.11 views

CVE-2024-22776

Wallos 0.9 is vulnerable to Cross Site Scripting XSS in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...

6AI score0.00474EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 5:47 p.m.5 views

USN-6553-1 pydantic vulnerability

Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial of service via application crash. CVE-2021-29510...

7.5CVSS7.1AI score0.00967EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.21 views

Ubuntu 20.04 ESM : Pydantic vulnerability (USN-6553-1)

The remote Ubuntu 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6553-1 advisory. Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial o...

7.5CVSS7.3AI score0.00967EPSS
Exploits0References2
OSV
OSV
added 2023/04/27 7:37 p.m.20 views

GHSA-X9XJ-PQMV-8JF7 Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...

4CVSS4.8AI score0.00403EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/04/27 7:37 p.m.26 views

Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...

5.4CVSS5.6AI score0.00403EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/06 5:15 p.m.9 views

CVE-2022-26348

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded in...

8.2CVSS6.2AI score0.00266EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/06 5:15 p.m.25 views

Sql injection

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded in...

2.1CVSS6.2AI score0.00266EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2022/01/25 12:0 a.m.16 views

Debian: Security Advisory (DLA-2897-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.2AI score0.01749EPSS
Exploits0References4
NVD
NVD
added 2021/11/30 12:15 p.m.17 views

CVE-2021-42121

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...

4.3CVSS0.00999EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/11/30 12:15 p.m.5 views

CVE-2021-42121

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...

4.3CVSS5.8AI score0.00999EPSS
Exploits0References2
Prion
Prion
added 2021/11/30 12:15 p.m.14 views

Input validation

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which...

4CVSS4.6AI score0.00999EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/30 11:28 a.m.21 views

CVE-2021-42121 Denial of Service via Invalid Date Format in TopEase

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...

4.3CVSS4.9AI score0.00999EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.6 views

The vulnerability of Pydantic’s date fields in data analysis and verification processes, related to executing a loop with an unavailable exit condition, allows attackers to cause service failures.

The vulnerability of the date field in Pydantic’s data analysis and verification mechanisms is related to the incorrect handling of data types like infinity, inf, and float'inf' within the date field. Exploiting this vulnerability can allow an attacker to cause service failures...

7.5CVSS7.2AI score0.00967EPSS
Exploits0References5Affected Software2
PyPA
PyPA
added 2021/05/13 7:15 p.m.6 views

PYSEC-2021-47

Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either 'infinity', 'inf' or float'inf' or their negatives to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Pydantic has been patched with fixes...

7.5CVSS6.8AI score0.00967EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/05/13 6:55 p.m.24 views

CVE-2021-29510

Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either 'infinity', 'inf' or float'inf' or their negatives to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Pydantic has been patched with fixes...

7.5CVSS7.5AI score0.00967EPSS
Exploits0
Rows per page
Query Builder