42 matches found
PT-2023-31881 · Unknown · Implecode Product Catalog Simple
Name of the Vulnerable Software and Affected Versions: impleCode Product Catalog Simple versions 1.7.6 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who shoul...
The vulnerability of the Intel Unite Client conference communication software for Windows and MacOS relates to an uncontrolled search path element, allowing a malicious individual to gain unauthorized access to sensitive information.
The vulnerability of the Intel Unite Client conference communication software for Windows and MacOS relates to an uncontrolled element in the search process. Exploiting this vulnerability can allow a malicious individual to gain unauthorized access to sensitive information...
WordPress Plugin Freesoul Deactivate Plugins – Plugin manager and cleanup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2008-2729
arch/x8664/lib/copyuser.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information...
CVE-2023-0785
A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file checkavailability.php. The manipulation of the argument username leads to exposure of sensitive information through data querie...
Online Diagnostic Lab Management System SQL注入漏洞
Online Diagnostic Lab Management System is an online diagnostic lab management system. v1.0 of Online Diagnostic Lab Management System is vulnerable to SQL injection, which stems from a lack of validation of externally entered SQL statements and can be exploited by attackers to to obtain sensitiv...
CVE-2022-28740
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor...
PYSEC-2022-43070
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...
CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
CVE-2021-45783
Bookeen Notea Firmware BKR1.0.520210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information...
CVE-2021-46420
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information...
CVE-2020-4606
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883...
Cisco IoT Field Network Director Access Control Error Vulnerability (CNVD-2020-72728)
Cisco IoT Field Network Director IoT-FND is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. A security vulnerability exists in Cisco IoT Field Network Director FND that stems from affected software not properly validati...
SQL Injection Vulnerability in the Frontend Registration Module of 120 Emergency Command Center Web Service System
120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A SQL injection vulnerability exists in the frontend registration module of the 120 Emergency Command Center Web...
WeLive online customer service system suffers from arbitrary file download vulnerability
WeLive online customer service system is a small program, easy to install and use online online customer service system. WeLive Online Customer Service System has an arbitrary file download vulnerability that can be exploited by an attacker to obtain sensitive information...
SQL Injection Vulnerability in Laikepui E-commerce System of Hunan One Eight Network Technology Co. Ltd (CNVD-2020-25312)
Laike e-commerce with independent copyright system, is an integrated e-commerce system all the functions of the platform. There is a SQL injection vulnerability in the Laike Push e-commerce system of Hunan One Eight Network Technology Co. Ltd, which can be exploited by an attacker to obtain...
Moxa PT-7528 and PT-7828 Series Weak Cryptographic Algorithm Vulnerability
Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. A weak cryptographic algorithm vulnerability exists in the Moxa PT-7528 and PT-7828 Series, which can be exploited by attackers to obtain sensitive information...
Weak Password Vulnerability in Tianqing Web Application Security Gateway
SkyQuest Web Application Security Gateway is a new generation of Web security protection and application delivery application security product developed by Qisda, which is used to defend against attacks targeting Web application vulnerabilities, analyze HTTP/HTTPS traffic on Web servers and...
SQL Injection Vulnerability in Boqiang Network Technology Company's Website Building System
Boqiang network technology company is engaged in enterprise, business website design, website construction, e-commerce, graphic design, wap website construction and software development and other production and application in one of the Internet company. A SQL injection vulnerability exists in...
SQL Injection Vulnerability in Agricultural Internet of Things Sensing Platform System
Agricultural IoT sensing platform system is an industrial control system. An SQL injection vulnerability exists in the Agricultural Internet of Things Sensing Platform System, which can be exploited by attackers to obtain sensitive information from the database...