137 matches found
PT-2024-32068 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. It can be exploited via the "/admin/doAdminAction.php" API endpoint, specifically when the act parameter is set to delCate and the...
PT-2024-39096 · Sourcecodester · Sourcecodester Online Food Menu
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Menu version 1.0 Description: A critical issue has been found in the processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to SQL injection. The attack may be initiated...
PT-2024-39104 · Itsourcecode · Itsourcecode Payroll Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Payroll Management System version 1.0 Description: A critical issue has been found in the processing of the file "/ajax.php?action=delete deductions". The manipulation of the id argument leads to SQL injection. The attack may be...
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...
PT-2024-6435 · Tenda · Tenda O1
Name of the Vulnerable Software and Affected Versions: Tenda O1 version 1.0.0.710648 Description: A critical vulnerability has been found in the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to a stack-based buffer overflow. This issue can be...
PT-2024-8672 · Tenda · Tenda G3
Name of the Vulnerable Software and Affected Versions: Tenda G3 version 15.11.0.20 Description: A critical issue has been found in the Tenda G3, affecting the formSetDebugCfg function of the file /goform/setDebugCfg. The manipulation of the enable/level/module argument leads to a stack-based buff...
PT-2024-30160 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/music/ajax.php?action=save music" endpoint, allowing remote attackers to execute arbitrary code via the title and artist...
PT-2024-30138 · Unknown · Kashipara Hotel Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: A Cross-Site Request Forgery CSRF issue was found in the system via the "/admin/delete room.php" API endpoint. This allows an attacker to perform unauthorized actions on the system...
PT-2024-30156 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue exists in the "/music/controller.php?page=view music" endpoint, allowing an attacker to execute arbitrary SQL commands via the id parameter. This enables attacke...
PT-2024-30154 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue in the "/music/ajax.php?action=find music" endpoint allows an attacker to execute arbitrary SQL commands via the search parameter. This enables the attacker to...
PT-2024-38754 · Genexis · Genexis Tilgin Home Gateway
Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: This issue affects some unknown processing of the file "/vood/cgi-bin/vood view.cgi?lang=EN&act=user/spec...
PT-2024-30011 · Unknown · Hotel Management System
Name of the Vulnerable Software and Affected Versions: Hotel Management System version 91caab8 Description: A SQL injection vulnerability was discovered in the Hotel Management System via the book id parameter at the "admin room history.php" endpoint. This issue allows for potential unauthenticat...
PT-2024-30083 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/page/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, consider disabling acces...
PT-2024-7539 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 Description: A critical vulnerability has been found in the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to a stack-based buffer overflow. This issue can be...
PT-2024-6683 · Tenda · Tenda Fh1206
Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.88155 Description: A critical vulnerability was found in the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to a stack-based buffer overflow. It is possible to...
PT-2024-25596 · Paypal · Paypal
Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server, potentially retrieving all stored information throug...
PT-2024-25591 · Paypal · Paypal
Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server. This can lead to the retrieval of all information...
PT-2024-38179
Name of the Vulnerable Software and Affected Versions: SourceCodester School Log Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/ajax.php?action=login. The manipulation of the username argument leads to SQL...
PT-2024-38158 · Sourcecodester · Sourcecodester Complaint Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Complaints Report Management System version 1.0 Description: A critical issue has been identified, affecting an unknown functionality of the file "/admin/ajax.php?action=login". The manipulation of the username argument leads t...
PT-2024-37725
Name of the Vulnerable Software and Affected Versions Campaign Monitor for WordPress plugin for WordPress versions up to, and including, 2.8.15 Description The issue is due to the plugin not properly restricting direct access to "/forms/views/admin/create.php" and display errors being enabled. Th...