100 matches found
CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30924
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component...
CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30929
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...
CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...
CVE-2024-31818
Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component...
DerbyNet print/render/award.inc Script SQL Injection Vulnerability
DerbyNet is a simple code for a match broadcasting program. A SQL injection vulnerability exists in the DerbyNet print/render/award.inc script, which can be exploited by an attacker to be able to view, add, modify, or delete information in the back-end database...
DerbyNet order parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet order parameter due to improper validation of user-supplied input by the checkin.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
DerbyNet back parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet back parameter, which is caused by improper validation of user-supplied input in the playlist.php script. An attacker could use this vulnerability to steal the victim's...
DerbyNet racerid parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input by the racer-results.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
DerbyNet . /inc/kiosks.inc Script Cross-Site Scripting Vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet . /inc/kiosks.inc script suffers from a cross-site scripting vulnerability that can be exploited by an attacker to steal a victim's cookie-based authentication credentials...
DerbyNet photo.php script cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet photo.php script due to improper validation of user-supplied input in the photo.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
DerbyNet racerid parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input in the photo-thumbs.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
DerbyNet classids parameter SQL injection vulnerability
DerbyNet is a simple code for a match broadcasting program. A SQL injection vulnerability exists in the DerbyNet classids parameter, which can be exploited to send crafted SQL statements to ajax/query.slide.next.inc scripts using the 'classids' parameter, allowing an attacker to view, add, modify...
CVE-2024-30924
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component...