Lucene search
K

100 matches found

CNNVD
CNNVD
added 2024/04/08 12:0 a.m.4 views

DerbyNet 跨站脚本漏洞

DerbyNet is a simple code for match broadcasting projects. A cross-site scripting vulnerability exists in DerbyNet version 9.0 that stems from a failure to properly clean up user input in the document rendering path, which allows injection of malicious script...

7.4CVSS6.6AI score0.01027EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/04/06 12:0 a.m.5 views

PT-2024-23679 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the back parameter in "playlist.php". This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below,...

8CVSS7.5AI score0.00981EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.7 views

PT-2024-23677 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the racer-results.php component. This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below, conside...

6.3CVSS7.5AI score0.00551EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.353 views

DerbyNet 9.0 photo.php Cross Site Scripting

CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...

7.4AI score0.0062EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.282 views

DerbyNet 9.0 playlist.php Cross Site Scripting

CVE ID: CVE-2024-30929 Description: A Cross-Site Scripting XSS vulnerability has been found in DerbyNet version 9.0, affecting the playlist.php component. This issue allows remote attackers to execute arbitrary code by exploiting the back parameter. The application does not properly sanitize the...

7.4AI score0.00981EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.5 views

PT-2024-23671 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the photo.php component. This enables the attacker to perform unauthorized actions on the affected system...

5.4CVSS7.5AI score0.0062EPSS
Exploits2References7
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.302 views

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

7.4AI score0.00511EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.263 views

DerbyNet 9.0 render-document.php Cross Site Scripting

CVE ID: CVE-2024-30920 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet v9.0, specifically within the render-document.php component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is...

7.4AI score0.01027EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.6 views

PT-2024-23672 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet version 9.0 Description: The issue allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. This is a SQL Injection vulnerability. Recommendations: For DerbyNet version 9.0, consider...

9.8CVSS8.8AI score0.01429EPSS
Exploits2References8
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.274 views

DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection

CVE ID: CVE-2024-30928 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the ajax/query.slide.next.inc file. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting the...

7.4AI score0.00724EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.5 views

PT-2024-23678 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary SQL commands via the classids Parameter in the "ajax/query.slide.next.inc" endpoint. This enables attackers to manipulate database queries, potential...

8.1CVSS8.2AI score0.00724EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.7 views

PT-2024-23670 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "render-document.php" component. This enables the attacker to perform unauthorized actions on the affected...

7.4CVSS7.6AI score0.01027EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.3 views

PT-2024-23673 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. This is a SQL Injection vulnerability. Recommendations: For DerbyNet versions 9.0 and...

9.8CVSS9.1AI score0.0137EPSS
Exploits2References8
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.287 views

DerbyNet 9.0 photo-thumbs.php Cross Site Scripting

CVE ID: CVE-2024-30925 Description: A Cross-Site Scripting XSS vulnerability exists in DerbyNet version 9.0, specifically within the photo-thumbs.php component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the racerid and back parameters. The...

7.4AI score0.00567EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.316 views

DerbyNet 9.0 print/render/award.inc SQL Injection

CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...

7.4AI score0.01429EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.4 views

PT-2024-23674 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows attackers to execute arbitrary code via the "checkin.php" component. This enables attackers to perform malicious actions on the affected system. Recommendations:...

4.6CVSS7.4AI score0.00341EPSS
Exploits2References7
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.276 views

DerbyNet 9.0 racer-results.php Cross Site Scripting

CVE ID: CVE-2024-30927 Description: A Cross-Site Scripting XSS vulnerability is present in DerbyNet version 9.0, specifically within the racer-results.php component. This issue allows remote attackers to execute arbitrary code through the improper handling of the racerid parameter. The...

7.4AI score0.00551EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.300 views

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

7.4AI score0.0137EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.6 views

PT-2024-23675 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the photo-thumbs.php component. This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below, consider...

6.5CVSS7.6AI score0.00567EPSS
Exploits2References7
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.287 views

DerbyNet 9.0 checkin.php Cross Site Scripting

CVE ID: CVE-2024-30924 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically within the checkin.php component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling of the order URL parameter. The fl...

7.4AI score0.00341EPSS
Exploits2
Rows per page
Query Builder