13 matches found
PT-2025-19730
Name of the Vulnerable Software and Affected Versions Rhymix version 2.1.22 Description The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the procFileAdminEditImage method in the /file/file.admin.controller.php file. Recommendations For Rhym...
PT-2024-16150 · Red Hat · Keycloak-Services
Name of the Vulnerable Software and Affected Versions: Keycloak-services affected versions not specified Red Hat products affected versions not specified Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could...
PT-2023-31758 · Unknown · Hutool-Core
Name of the Vulnerable Software and Affected Versions: hutool-core version 5.8.23 Description: The NumberUtil.toBigDecimal method in hutool-core was discovered to contain a stack overflow. Recommendations: For hutool-core version 5.8.23, consider disabling the toBigDecimal method in the NumberUti...
PT-2023-29977 · Prestashop · Motivationsale
Name of the Vulnerable Software and Affected Versions: motivationsale module for PrestaShop versions prior to 3.5.0 Description: The issue concerns a SQL injection flaw in the motivationsaleDataModel::getProductsByIds method, allowing a guest to execute sensitive SQL calls with a simple HTTP...
PT-2023-20740 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to missing authentication in the SearchStudents method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For versions 3.1.0...
PT-2023-21083 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the StudentPopupDetails StudentDetails method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...
PT-2023-21036 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information. Recommendations: For versions 3.1.0...
PT-2023-29978 · Unknown · Referral/Affiliation Program
Name of the Vulnerable Software and Affected Versions: Referral and Affiliation Program referralbyphone versions 3.5.1 and earlier Description: The issue allows a guest to perform SQL injection. The method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate contains sensitive...
PT-2023-27483 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specific flaw...
PT-2022-21159 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Description: An information disclosure issue exists due to the getUserMentionsByChannel meteor server method, which discloses messages from private channels and direct messages regardless of the user's access...
PT-2022-22982 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition version 8.1.15 b2022030114 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists withi...
PT-2009-3421 · Elby +1 · Virtual Clonedrive +4
Name of the Vulnerable Software and Affected Versions: ElbyCDIO.sys versions 6.0.2.0 and earlier AnyDVD versions prior to 6.5.2.6 Virtual CloneDrive versions 5.4.2.3 and earlier CloneDVD versions 2.9.2.0 and earlier CloneCD versions 5.3.1.3 and earlier Description: The issue exists due to an erro...
PT-2007-7113 · Realnetworks · Realplayer
Name of the Vulnerable Software and Affected Versions: RealPlayer version 11 Description: The issue allows remote attackers to cause a denial of service, resulting in a browser crash, by providing a certain argument to the GetSourceTransport method in the RealAudioObjects.RealAudio ActiveX contro...