943 matches found
CVE-2023-6888
A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publ...
CVE-2023-6887 saysky ForestBlog Image Upload img unrestricted upload
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attac...
CVE-2023-6774
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accountscon/registeraccount. The manipulation of the argument Username with the input alertdocument.cookie leads to cross...
CVE-2023-6758 Thecosy IceCMS API PlanetCommentList access control
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit...
CVE-2023-6756
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack...
CVE-2023-6755
CVE-2023-6755 affects DedeBIZ 6.2. The vulnerability is in /src/admin/content_batchup_action.php where manipulation of the endid argument enables SQL injection. The issue can be exploited remotely; public disclosures exist. Remediation guidance across sources is limited to temporary mitigations: ...
CVE-2023-6609
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cro...
Deserialization of untrusted data
A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqosexpressdevices/smartqosnormaldevices leads to deserialization. It is possible to...
CVE-2023-6473 SourceCodester Online Quiz System take-quiz.php cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiztaker/yearsection leads to cross site scripting. It is possible to initiate the attack remotely. T...
CVE-2023-6442
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The...
Improper access control
A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack...
Cross site scripting
A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated...
SQL injection
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...
Out-of-bounds
A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file studentavatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
SQL injection
A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approvecenter/flowguide/flowtype/setprint/delete.php. The manipulation of the argument DELETESTR leads to SQL injection. The attack can be initiated remotel...
CVE-2023-5698
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pagesdepositmoney.php. The manipulation of the argument accountnumber with the input 421873905--alert9523!-- leads to cross site scripting. The attack...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pagesviewclient.php. The manipulation of the argument accname with the input Johnnie Reyes'"&%alert5646 leads to cross site...
CVE-2023-5697 CodeAstro Internet Banking System pages_withdraw_money.php cross site scripting
A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument accountnumber with the input 287359614--alert1234!-- leads to cross site scripting. It is possible t...
CVE-2023-5695 CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25alert9860 leads to...