943 matches found

Prion
added 2022/08/04 1:15 p.m. | 19 views

Sql injection

A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVSS 7.5 | AI score 9.7 | EPSS 0.0031
Exploits: 1 | References: 2
NVD
added 2022/08/04 9:15 a.m. | 9 views

CVE-2022-2643

A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit ha...

CVSS 9.8 | EPSS 0.00229
Exploits: 1 | References: 2
Prion
added 2022/08/04 9:15 a.m. | 14 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8alert1 leads to cross site scripting. It is possible to launch the attack remotely...

CVSS 5.8 | AI score 6.1 | EPSS 0.00323
Exploits: 1 | References: 2
CVE
added 2022/08/04 8:40 a.m. | 63 views

CVE-2022-2643

CVE-2022-2643 affects SourceCodester Online Admission System, specifically the POST Parameter Handler component. The vulnerability arises from manipulation of the shift argument, enabling SQL injection. The issue is exploitable remotely and, according to sources, exploits have been disclosed publ...

CVSS 9.8 | AI score 8.4 | EPSS 0.00229
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/07/24 7:30 p.m. | 20 views

CVE-2017-20144 Anvsoft PDFMate PDF Converter Pro memory corruption

A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 6.3 | AI score 7.7 | EPSS 0.00324
Exploits: 1 | References: 2
Prion
added 2022/07/22 5:15 p.m. | 14 views

Sql injection

A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection Union. The attack can be initiated remotely. The exploit has been disclosed to t...

CVSS 7.5 | AI score 9.6 | EPSS 0.00229
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2022/07/20 12:0 a.m. | 66 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | AI score 2.6 | EPSS 0.9332
In wild | Exploits: 1 | References: 3
Prion
added 2022/07/18 9:15 a.m. | 22 views

Code injection

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiate...

CVSS 4.3 | AI score 7.2 | EPSS 0.00434
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2022/07/15 6:15 a.m. | 10 views

CVE-2022-2419

A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...

CVSS 8 | EPSS 0.01302
Exploits: 1 | References: 2
CVE
added 2022/07/13 5:55 p.m. | 42 views

CVE-2017-20127

KB Login Authentication Script 1.1 is affected by a SQL injection vulnerability. The issue arises from manipulating the username/password arguments with the payload 'or''=' which allows remote exploitation. The vulnerability is publicly disclosed and may be exploited by attackers. Connected docum...

CVSS 9.8 | AI score 8.8 | EPSS 0.00365
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/07/13 5:55 p.m. | 20 views

CVE-2017-20126 KB Affiliate Referral Script index.php sql injection

A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely...

CVSS 7.3 | AI score 9.8 | EPSS 0.00207
Exploits: 0 | References: 2
Cvelist
added 2022/07/12 4:22 p.m. | 27 views

CVE-2022-2298 SourceCodester Clinics Patient Management System Login Page index.php sql injection

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument username with the input admin' or...

CVSS 7.3 | AI score 10 | EPSS 0.00251
Exploits: 0 | References: 2
Prion
added 2022/07/12 3:15 p.m. | 18 views

Cross site scripting

A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cissms/index.php/orders/create. The manipulation of the argument customername with the input alert"XSS" leads to cross...

CVSS 3.5 | AI score 5.3 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2022/07/12 3:15 p.m. | 16 views

Cross site scripting

A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /cihms/search of the component Search. The manipulation of the argument search with the input "alert"XSS" leads to cross site scripting...

CVSS 4.3 | AI score 5.3 | EPSS 0.0024
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2022/06/29 5:15 p.m. | 2 views

CVE-2017-20117

A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting DOM. The attack can be launched remotely. The exploit has been disclos...

CVSS 5.4 | AI score 4.4 | EPSS 0.00281
Exploits: 1 | References: 2
Prion
added 2022/06/29 5:15 p.m. | 17 views

Cross site scripting

A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting DOM. The attack can be launched remotely. The exploit has been disclos...

CVSS 3.5 | AI score 6.1 | EPSS 0.00281
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/06/29 4:15 p.m. | 11 views

CVE-2017-20115 TrueConf Server Reflected cross site scripting

A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting Reflected. The attack may be initiated remotely. The exploit...

CVSS 3.5 | AI score 6.2 | EPSS 0.00281
Exploits: 1 | References: 2
NVD
added 2022/06/28 7:15 a.m. | 12 views

CVE-2017-20105

A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The...

CVSS 8.1 | EPSS 0.00584
Exploits: 1 | References: 2
Prion
added 2022/06/27 2:15 p.m. | 13 views

Path traversal

A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public a...

CVSS 2.1 | AI score 5.5 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/06/27 1:25 p.m. | 46 views

CVE-2017-20102

CVE-2017-20102 affects Album Lock 4.0. The vulnerability is a path traversal in the /getImage functionality caused by manipulating the parameter named filePaht. Local attacker access is required. Public disclosure of the exploit is noted in the sources. The records do not provide details on affe...

CVSS 5.5 | AI score 5 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1