162 matches found
PT-2024-29363
Name of the Vulnerable Software and Affected Versions OpenFlights commit 5234b5b Description The issue is a Cross-Site Scripting XSS vulnerability found in the php/trip.php file. This allows for malicious scripts to be injected into the website, potentially leading to unauthorized access or...
PT-2024-11620 · Teldats · Teldats Router
Name of the Vulnerable Software and Affected Versions: Teldats Router versions RS123, RS123w Description: The issue allows an attacker to execute arbitrary code via the cmdcookie parameter to the "upgrade/query.php" page. This enables the attacker to perform Cross Site Scripting attacks...
PT-2024-31254 · Unknown · Picuploader
Name of the Vulnerable Software and Affected Versions: PicUploader version fcf82ea Description: A cross-site scripting XSS issue exists in the /auth/AzureRedirect.php component, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error description...
PT-2024-31255 · Gazelle · Gazelle
Name of the Vulnerable Software and Affected Versions: Gazelle version 63b3370 Description: A cross-site scripting XSS issue in the /managers/enable requests.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...
PT-2024-30047 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version v2.0 Description: A Cross-Site Request Forgery CSRF issue in the delete media.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version v2.0, consider...
PT-2024-38699 · Unknown · Itsourcecode Project Expense Monitoring System
Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue has been identified, affecting an unknown functionality of the file execute.php. The manipulation of the code argument leads to sql injection. This issue...
PT-2024-38624 · Sourcecodester · Sourcecodester Online Graduate Tracer System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Graduate Tracer System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /tracking/admin/fetch it.php. The manipulation of the request argument leads to s...
PT-2024-30104 · Unknown · Super Easy Enterprise Management System
Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and before Description: The issue allows a local attacker to execute arbitrary code via a crafted script to the "/ajax/Login.ashx" component. This enables the attacker to potentially gain...
PT-2024-38506 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A problematic issue was found in the file add act.php, where the manipulation of the aname argument leads to cross-site scripting. The attack can be launche...
PT-2024-28860 · Sourcecodester · Sourcecodester Best House Rental Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "manage houses.php" file. It allows remote attackers to execute arbitrary code via the House no and Descripti...
PT-2024-37779
Name of the Vulnerable Software and Affected Versions itsourcecode Gym Management System version 1.0 Description A critical issue has been found in the itsourcecode Gym Management System, affecting the file manage member.php. The manipulation of the id argument leads to SQL injection. This issue...
PT-2024-27075 · Unknown · Getsetprop
Name of the Vulnerable Software and Affected Versions: getsetprop version 1.1.0 Description: A Prototype Pollution issue allows an attacker to execute arbitrary code via global.accessor. Recommendations: For getsetprop version 1.1.0, consider disabling access to the global.accessor until a patch ...
PT-2024-13697 · Precor · Precor Touchscreen Console P82
Name of the Vulnerable Software and Affected Versions: Precor touchscreen console P82 Description: The issue concerns a private SSH key in the Precor touchscreen console P82 that corresponds to a default public key. This could allow a remote attacker to gain root privileges. Recommendations: For...
PT-2024-27159 · Unknown · Sourcecodester Stock Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Stock Management System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the editCategories.php file. This allows for potential unauthorized access to database information...
PT-2024-36833
Name of the Vulnerable Software and Affected Versions Chanjet Smooth T+ system version 3.5 Description A critical issue has been found in the system, affecting the processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the KeyID argument leads to SQL injection. The attack can be...
PT-2024-27174 · Crmeb · Crmeb
Name of the Vulnerable Software and Affected Versions: CRMEB version 5.2.2 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the getProductList function in the ProductController.php file. Recommendations: For CRMEB version 5.2.2, consider...
PT-2024-36488 · Unknown · Itsourcecode Online Blood Bank Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Blood Bank Management System version 1.0 Description: A critical issue affects some unknown functionality of the file changepwd.php. The manipulation of the useremail argument leads to sql injection. The attack may be...
PT-2024-36018 · Winnmp · Winnmp
Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02 Description: A vulnerability has been discovered that allows for an XSS attack via the /tools/redis.php page, specifically in the k, hash, key, and p parameters. This could enable a remote user to submit a specially craft...
PT-2024-35848 · Unknown · Kashipara College Management System
Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A problematic issue was found in the system, affecting an unknown function of the file submit new faculty.php. The manipulation of the address argument leads to cross site scripting...
PT-2024-34605 · Unknown · Phpgurukul Directory Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 1.0 Description: A problematic issue has been found in the PHPGurukul Directory Management System, affecting an unknown function of the file /admin/search-directory.php. This issue leads to...