Lucene search
+L

137 matches found

Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.6 views

PT-2024-32068 · Unknown · Dingfanzu Cms

Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. It can be exploited via the "/admin/doAdminAction.php" API endpoint, specifically when the act parameter is set to delCate and the...

4.7CVSS6.8AI score0.00212EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.8 views

PT-2024-39096 · Sourcecodester · Sourcecodester Online Food Menu

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Menu version 1.0 Description: A critical issue has been found in the processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to SQL injection. The attack may be initiated...

7.2CVSS5.8AI score0.00412EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.9 views

PT-2024-39104 · Itsourcecode · Itsourcecode Payroll Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Payroll Management System version 1.0 Description: A critical issue has been found in the processing of the file "/ajax.php?action=delete deductions". The manipulation of the id argument leads to SQL injection. The attack may be...

9.8CVSS8.1AI score0.00701EPSS
Exploits1References14
Github Security Blog
Github Security Blog
added 2024/09/06 9:37 p.m.37 views

Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

7.2CVSS6.6AI score0.00473EPSS
Exploits0References9Affected Software2
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.8 views

PT-2024-6435 · Tenda · Tenda O1

Name of the Vulnerable Software and Affected Versions: Tenda O1 version 1.0.0.710648 Description: A critical vulnerability has been found in the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to a stack-based buffer overflow. This issue can be...

10CVSS8.8AI score0.01255EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.10 views

PT-2024-8672 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version 15.11.0.20 Description: A critical issue has been found in the Tenda G3, affecting the formSetDebugCfg function of the file /goform/setDebugCfg. The manipulation of the enable/level/module argument leads to a stack-based buff...

9.8CVSS9.1AI score0.01213EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.6 views

PT-2024-30160 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/music/ajax.php?action=save music" endpoint, allowing remote attackers to execute arbitrary code via the title and artist...

6.1CVSS6.6AI score0.00492EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.5 views

PT-2024-30138 · Unknown · Kashipara Hotel Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: A Cross-Site Request Forgery CSRF issue was found in the system via the "/admin/delete room.php" API endpoint. This allows an attacker to perform unauthorized actions on the system...

6.8CVSS6.8AI score0.00173EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.6 views

PT-2024-30156 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue exists in the "/music/controller.php?page=view music" endpoint, allowing an attacker to execute arbitrary SQL commands via the id parameter. This enables attacke...

9.8CVSS8.2AI score0.00608EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.6 views

PT-2024-30154 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue in the "/music/ajax.php?action=find music" endpoint allows an attacker to execute arbitrary SQL commands via the search parameter. This enables the attacker to...

9.8CVSS8.2AI score0.00445EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.7 views

PT-2024-38754 · Genexis · Genexis Tilgin Home Gateway

Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: This issue affects some unknown processing of the file "/vood/cgi-bin/vood view.cgi?lang=EN&act=user/spec...

5.3CVSS4.1AI score0.00338EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.7 views

PT-2024-30011 · Unknown · Hotel Management System

Name of the Vulnerable Software and Affected Versions: Hotel Management System version 91caab8 Description: A SQL injection vulnerability was discovered in the Hotel Management System via the book id parameter at the "admin room history.php" endpoint. This issue allows for potential unauthenticat...

8.6CVSS8.2AI score0.00529EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.14 views

PT-2024-30083 · Frog Cms · Frog Cms

Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/page/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, consider disabling acces...

8.8CVSS6.8AI score0.0031EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.9 views

PT-2024-7539 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 Description: A critical vulnerability has been found in the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to a stack-based buffer overflow. This issue can be...

9CVSS9AI score0.01096EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.15 views

PT-2024-6683 · Tenda · Tenda Fh1206

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.88155 Description: A critical vulnerability was found in the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to a stack-based buffer overflow. It is possible to...

10CVSS8.8AI score0.01467EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.8 views

PT-2024-25596 · Paypal · Paypal

Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server, potentially retrieving all stored information throug...

9.8CVSS7.3AI score0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.9 views

PT-2024-25591 · Paypal · Paypal

Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server. This can lead to the retrieval of all information...

9.8CVSS7.2AI score0.0041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.6 views

PT-2024-38179

Name of the Vulnerable Software and Affected Versions: SourceCodester School Log Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/ajax.php?action=login. The manipulation of the username argument leads to SQL...

9.8CVSS7.2AI score0.00788EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.4 views

PT-2024-38158 · Sourcecodester · Sourcecodester Complaint Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Complaints Report Management System version 1.0 Description: A critical issue has been identified, affecting an unknown functionality of the file "/admin/ajax.php?action=login". The manipulation of the username argument leads t...

9.8CVSS7.6AI score0.00581EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/27 12:0 a.m.7 views

PT-2024-37725

Name of the Vulnerable Software and Affected Versions Campaign Monitor for WordPress plugin for WordPress versions up to, and including, 2.8.15 Description The issue is due to the plugin not properly restricting direct access to "/forms/views/admin/create.php" and display errors being enabled. Th...

5.3CVSS5.2AI score0.00849EPSS
Exploits0References7
Rows per page
Query Builder