943 matches found
CVE-2024-10292
ZZCMS 2023 contains a vulnerability in 3/Ebak5.1/upload/ChangeTable.php where manipulating the argument savefilename enables unrestricted upload. The issue is exploitable remotely and the exploit has been publicly disclosed. Affected software/version: ZZCMS 2023; vulnerable component: ChangeTable...
CVE-2024-10290 ZZCMS inc.php information disclosure
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
CVE-2024-10290
Summary of details (CVE-2024-10290): The vulnerability affects ZZCMS 2023, specifically an issue in the file path 3/qq-connect2.0/API/com/inc.php. The underlying effect is information disclosure, with the attack described as exploitable remotely. The public release of the exploit is noted in mult...
CVE-2024-10279
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to SQL injection. The attack can be initiated remotely. The...
CVE-2024-10276
Telestream Sentry 6.0.9 contains a cross-site scripting (XSS) vulnerability in the Reports Page component, specifically via the /?page=reports endpoint where manipulating the z argument can be exploited remotely. Several connected sources confirm the vulnerability in Telestream Sentry 6.0.9, with...
CVE-2024-10276 Telestream Sentry Reports Page page cross site scripting
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launche...
CVE-2024-10199 code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument...
CVE-2024-10192
CVE-2024-10192 affects the PHPGurukul IFSC Code Finder Project 1.0. The vulnerability resides in an unspecified portion of search.php, enabling cross-site scripting (XSS) when user input is manipulated. The issue is exploitable remotely and has public disclosure. Several connected sources (NVD, R...
CVE-2024-10192 PHPGurukul IFSC Code Finder Project search.php cross site scripting
A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publ...
CVE-2024-10171 code-projects Blood Bank System massage.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to SQL injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2024-10166
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to SQL injection. The attack may be launched remotely. The exploit has been...
CVE-2024-10165
CVE-2024-10165 affects Codezips Sales Management System 1.0. The vulnerability resides in deletecustcom.php where manipulating the parameter id enables SQL injection. Impact is described as potentially high confidentiality, integrity, and availability effects, with remote exploitation and public ...
CVE-2024-10158 PHPGurukul Boat Booking System session_start session fixation
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2024-10155
The CVE-2024-10155 entry affects PHPGurukul Boat Booking System 1.0, specifically the Book a Boat Page component, in file book-boat.php?bid=1. The vulnerability arises from manipulation of the phone_number parameter, enabling cross-site scripting (XSS) and allowing remote initiation of attacks. P...
CVE-2024-10142 code-projects Blood Bank System viewrequest.php cross site scripting
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2024-10135 ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack...
CVE-2024-10128
The CVE-2024-10128 entry concerns Topdata Inner Rep Plus WebServer 2.01. Affected is functionality in the file td.js.gz where manipulation enables a risky cryptographic algorithm. The issue can be exploited remotely and has been publicly disclosed; vendor response is missing. Multiple sources cor...
CVE-2024-10093
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been...
CVE-2024-10069
The CVE-2024-10069 entry applies to ESAFENET CDG 5, specifically the MailDecryptApplicationService.java function actionPassMainApplication. The vulnerability arises from manipulating the id argument, enabling SQL injection. It can be exploited remotely, and publicly disclosed exploits exist. The ...