100 matches found
DerbyNet 跨站脚本漏洞
DerbyNet is a simple code for match broadcasting projects. A cross-site scripting vulnerability exists in DerbyNet version 9.0 that stems from a failure to properly clean up user input in the document rendering path, which allows injection of malicious script...
PT-2024-23679 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the back parameter in "playlist.php". This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below,...
PT-2024-23677 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the racer-results.php component. This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below, conside...
DerbyNet 9.0 photo.php Cross Site Scripting
CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...
DerbyNet 9.0 playlist.php Cross Site Scripting
CVE ID: CVE-2024-30929 Description: A Cross-Site Scripting XSS vulnerability has been found in DerbyNet version 9.0, affecting the playlist.php component. This issue allows remote attackers to execute arbitrary code by exploiting the back parameter. The application does not properly sanitize the...
PT-2024-23671 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the photo.php component. This enables the attacker to perform unauthorized actions on the affected system...
DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...
DerbyNet 9.0 render-document.php Cross Site Scripting
CVE ID: CVE-2024-30920 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet v9.0, specifically within the render-document.php component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is...
PT-2024-23672 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet version 9.0 Description: The issue allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. This is a SQL Injection vulnerability. Recommendations: For DerbyNet version 9.0, consider...
DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
CVE ID: CVE-2024-30928 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the ajax/query.slide.next.inc file. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting the...
PT-2024-23678 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary SQL commands via the classids Parameter in the "ajax/query.slide.next.inc" endpoint. This enables attackers to manipulate database queries, potential...
PT-2024-23670 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "render-document.php" component. This enables the attacker to perform unauthorized actions on the affected...
PT-2024-23673 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. This is a SQL Injection vulnerability. Recommendations: For DerbyNet versions 9.0 and...
DerbyNet 9.0 photo-thumbs.php Cross Site Scripting
CVE ID: CVE-2024-30925 Description: A Cross-Site Scripting XSS vulnerability exists in DerbyNet version 9.0, specifically within the photo-thumbs.php component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the racerid and back parameters. The...
DerbyNet 9.0 print/render/award.inc SQL Injection
CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...
PT-2024-23674 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows attackers to execute arbitrary code via the "checkin.php" component. This enables attackers to perform malicious actions on the affected system. Recommendations:...
DerbyNet 9.0 racer-results.php Cross Site Scripting
CVE ID: CVE-2024-30927 Description: A Cross-Site Scripting XSS vulnerability is present in DerbyNet version 9.0, specifically within the racer-results.php component. This issue allows remote attackers to execute arbitrary code through the improper handling of the racerid parameter. The...
DerbyNet 9.0 print/render/racer.inc SQL Injection
CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...
PT-2024-23675 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the photo-thumbs.php component. This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below, consider...
DerbyNet 9.0 checkin.php Cross Site Scripting
CVE ID: CVE-2024-30924 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically within the checkin.php component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling of the order URL parameter. The fl...