137 matches found
PT-2024-20889 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: A SQL injection issue allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the "login.php" endpoint. This enables the attacker to...
PT-2024-2263 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetPPTPServer function of the file /goform/SetPptpServerCfg. The manipulation of the startIP argument leads to a stack-based buffer overflow. This issue can be...
PT-2024-21393 · Unknown · Klik Socialmediawebsite
Name of the Vulnerable Software and Affected Versions: KLiK SocialMediaWebsite version 1.0.1 Description: A reflected cross-site scripting XSS vulnerability may allow remote attackers to execute arbitrary JavaScript in the web browser of a user. This can be achieved by including a malicious paylo...
PT-2024-20228 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue is related to SQL Injection. The com.jsh.erp.controller.MaterialController, specifically the getListWithStock function, does not properly filter the column and order parameters, allowing an attacker t...
PT-2024-20409 · Unknown · Flusity-Cms
Name of the Vulnerable Software and Affected Versions: flusity-CMS version 2.33 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the "add customblock.php" endpoint. Recommendations: For flusity-CMS version 2.33, consider disabling access to th...
PT-2024-20146 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, resulting from insufficient encoding of user-controlled inputs. This can be exploited via the /cupseasylive/currencycreate.php endpoin...
PT-2024-20132 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A vulnerability has been reported in Cups Easy Purchase & Inventory whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via...
PT-2024-20130 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This issue can be exploited via the /cupseasylive/grndisplay.php endpoint,...
PT-2024-20154 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, resulting from insufficient encoding of user-controlled inputs. This can be exploited via the /cupseasylive/countrymodify.php endpoint...
PT-2024-20153 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This can be exploited via the "/cupseasylive/grnmodify.php" API endpoint,...
PT-2024-20148 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This can be exploited via the /cupseasylive/statemodify.php endpoint,...
PT-2024-20165 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS vulnerability has been reported, resulting from insufficient encoding of user-controlled inputs. This issue can be exploited via the /cupseasylive/stock.php...
PT-2024-19451 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalcms version 5.0.0 Description: A stored XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the "/gusetbook/save" API endpoint, specifically through the mobile parameter. This enables attackers to...
PT-2024-15379 · Ai Magic · Ai Magic
Name of the Vulnerable Software and Affected Versions: Magic-Api versions up to 2.0.1 Description: A critical vulnerability has been found in Magic-Api, affecting an unknown functionality of the file "/resource/file/api/save?auto=1". The manipulation leads to code injection, and the attack can be...
PT-2023-8246 · Totolink · Totolink N350Rt
Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6139 B20201216 Description: A critical issue affects the processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler, leading to a stack-based buffer overflow. Th...
PT-2023-32812 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3.1 Description: A critical issue has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects the file /admin/singlelogin.php?submit=1 and is related to the...
PT-2023-32765 · Thecosy · Thecosy Icecms
Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS version 2.0.1 Description: A critical vulnerability was found in Thecosy IceCMS, affecting an unknown function of the file /article/DelectArticleById/ of the component Article Handler. This issue leads to permission problems an...
PT-2023-8221 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to the fixed version Description: The issue is related to a lack of validation for relative paths in the /plugins/playbooks/api/v0/telemetry/run/ endpoint, allowing an attacker to use a path traversal payload to poin...
PT-2023-31191 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery CSRF issue was discovered in JFinalCMS. The vulnerability can be exploited via the /admin/tag/update API endpoint. Recommendations: For JFinalCMS version 5.0.0, consider...
PT-2023-32485 · Unknown · Elijaa/Phpmemcachedadmin
Name of the Vulnerable Software and Affected Versions: elijaa/phpmemcachedadmin version 1.3.0 Description: A critical flaw has been identified, specifically related to a stored XSS vulnerability, allowing malicious actors to insert a carefully crafted JavaScript payload. The issue arises from...