
13 matches found

EUVD
added 2 hours ago · 1 view

EUVD-2017-18994

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8 CVSS · 6 AI score
Exploits 0 · References 5
CVE
added 4 hours ago · 7 views

CVE-2017-20267

CVE-2017-20267 affects Joomla! Calendar Planner 1.0.1. The vulnerability is an SQL injection in the category_id parameter used when viewing events, allowing unauthenticated attackers to inject SQL via GET requests to the events view and potentially extract sensitive database information. Affected...

8.8 CVSS · 6 AI score
Exploits 0 · References 4
RedhatCVE
added 2026/01/09 9:51 a.m. · 3 views

CVE-2020-10247

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

6.1 CVSS · 6 AI score · 0.00835 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/22 12:0 a.m. · 4 views

PT-2024-18284 · WordPress · Nextscripts: Social Networks Auto-Poster

Name of the Vulnerable Software and Affected Versions: NextScripts: Social Networks Auto-Poster plugin for WordPress versions up to, and including, 4.4.3
Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

6.1 CVSS · 7.4 AI score · 0.00389 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2023/12/08 12:0 a.m. · 5 views

A vulnerability in the DataLogView.php, EventsView.php, and AlarmsView.php scripts of the Osprey Pump Controller firmware allows an attacker to execute arbitrary commands.

The vulnerability in the DataLogView.php, EventsView.php, and AlarmsView.php scripts of the Osprey Pump Controller firmware exists because certain special elements are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

10 CVSS · 8.2 AI score · 0.18202 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/11/30 2:15 p.m. · 2 views

CVE-2023-6423

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...

5.4 CVSS · 5.7 AI score
Exploits 0 · References 1
Exploit DB
added 2023/05/13 12:0 a.m. · 342 views

Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)

Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS) Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link: https://bigprof.com/appgini/applications/online-clinic-management-system Version: 2.2...

7 AI score
Exploits 0
CNNVD
added 2023/03/24 12:0 a.m. · 3 views

Osprey Pump Controller OS Command Injection Vulnerability

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary shell...

9.8 CVSS · 8.9 AI score · 0.18202 EPSS
Exploits 1 · References 3
NVD
added 2020/03/09 7:15 p.m. · 9 views

CVE-2020-10247

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

6.1 CVSS · 6 AI score · 0.00835 EPSS
Exploits 0 · References 2
Prion
added 2020/03/09 7:15 p.m. · 12 views

Design/Logic Flaw

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

4.3 CVSS · 5.9 AI score · 0.00835 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2019/02/04 7:29 p.m. · 2 views

DEBIAN-CVE-2019-7337

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

4.8 CVSS · 6.5 AI score · 0.00677 EPSS
Exploits 1 · References 1
Prion
added 2018/02/17 7:29 a.m. · 14 views

SQL injection

SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filtercreator or filtereventscat parameter...

7.5 CVSS · 9.8 AI score · 0.02802 EPSS
Exploits 5 · References 1 · Affected Software 1
Packet Storm
added 2018/02/17 12:0 a.m. · 38 views

Joomla! JTicketing 2.0.16 SQL Injection

Exploit Title: Joomla! Component JTicketing 2.0.16 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/ Version: 2.0.16 Category: Webapps Tested on:...

9.2 AI score · 0.02802 EPSS
Exploits 5