12 matches found
CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...
CVE-2024-31818
Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component...
DerbyNet back parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet back parameter, which is caused by improper validation of user-supplied input in the playlist.php script. An attacker could use this vulnerability to steal the victim's...
DerbyNet racerid parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input by the racer-results.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
DerbyNet racerid parameter cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input in the photo-thumbs.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
DerbyNet classids parameter SQL injection vulnerability
DerbyNet is a simple code for a match broadcasting program. A SQL injection vulnerability exists in the DerbyNet classids parameter, which can be exploited to send crafted SQL statements to ajax/query.slide.next.inc scripts using the 'classids' parameter, allowing an attacker to view, add, modify...
CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...
CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...
DerbyNet security vulnerability
DerbyNet is a simple code for a match broadcasting program. A security vulnerability exists in DerbyNet version v.9.0, which stems from a directory traversal vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via the page parameter of the kiosk.php component...