11 matches found
EUVD-2019-7008
Malware in sbrugna...
CVE-2025-9775 RemoteClinic edit-my-profile.php unrestricted upload
A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2025-9775
CVE-2025-9775 affects RemoteClinic up to version 2.0. The vulnerability is in the file /staff/edit-my-profile.php where the image parameter can be manipulated to achieve unrestricted file upload. Attacks may be launched remotely, and the exploit has been publicly disclosed. Several connected sour...
PT-2025-35475
Name of the Vulnerable Software and Affected Versions: RemoteClinic versions up to 2.0 Description: A vulnerability exists in RemoteClinic that allows for unrestricted file upload. The issue is located in the /staff/edit-my-profile.php file, impacting an unknown function. The image argument can b...
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting XFS attack through the EDIT MY PROFILE feature...
Design/Logic Flaw
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2021-39416
Multiple Cross Site Scripting XSS vulnerabilities exists in Remote Clinic v2.0 in 1 patients/register-patient.php via the a Contact, b Email, c Weight, d Profession, e refcontact, f address, g gender, h age, and i serial parameters; in 2 patients/edit-patient.php via the a Contact, b Email, c...
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting XFS attack through the EDIT MY PROFILE feature...
Cross site scripting
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting XFS attack through the EDIT MY PROFILE feature...
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting XFS attack through the EDIT MY PROFILE feature...
CVE-2019-16193
CVE-2019-16193 affects ArcGIS Enterprise 10.6.1. A crafted IFRAME can trigger a Cross Frame Scripting (XFS) attack via the EDIT MY PROFILE feature. Public records (NVD) cite CVSS v2 base 3.5 (LOW) and CVSS v3.1 base 5.4 (MEDIUM); attack vector: NETWORK, user interaction required (CVSS3.1), and pa...