2218 matches found
Out-of-bounds
A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation ...
CVE-2023-3578
A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file codo.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The...
CVE-2023-3339
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument testid leads to sql injection. The attack can be launched remotely...
Path traversal
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2023-3240 OTCMS usersNews_deal.php path traversal
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNewsdeal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2023-3237
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
CVE-2023-3238 OTCMS server-side request forgery
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
Sql injection
A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btnfunctions.php. The manipulation of the argument questionid leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2023-2927
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-2863 Simple Design Daily Journal SQLite Database cleartext storage in a file or on disk
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launc...
PT-2023-2922 · Unknown · Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8 Description: The issue is related to a buffer overflow in the filppd.sys file of the IoControlCode Handler in Twister Antivirus, leading to memory corruption. This can allow an attacker to impact the confidentialit...
DEBIAN-CVE-2023-2789
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function funcbody/parsevariabledeclaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...
PT-2023-21396 · Gnu +1 · Gnu Cflow +1
Name of the Vulnerable Software and Affected Versions: GNU cflow version 1.7 Description: A problematic issue has been found that affects the function func body/parse variable declaration of the file parser.c, leading to denial of service. The exploit has been disclosed to the public and may be...
CVE-2023-2692
A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/roominfo.php of the component GET Parameter Handler. The manipulation of the argument name leads to cro...
Cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/additem.php of the component POST Parameter Handler. The manipulation of the argument itemname leads to cross site scripting...
CVE-2023-2677
A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...
Cross site scripting
A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /filemanager/admin/saveuser.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross si...
CVE-2023-2658
CVE-2023-2658 affects SourceCodester Online Computer and Laptop Store 1.0, with SQL injection in products.php via the c parameter. Affects unknown functionality; exploit could be remotely launched and has been publicly disclosed. Documents indicate a workaround: restrict access to products.php an...
Command injection
A vulnerability was found in Tenda AC23 16.03.07.45cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The explo...
Sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprovedelete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...