448 matches found
CVE-2023-0956
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system...
Xxe
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system...
CVE-2023-0956 TEL-STER TelWin SCADA WebInterface Path Traversal
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system...
Simple Online Mens Salon Management System SQL Injection Vulnerability (CNVD-2023-65139)
Simple Online Mens Salon Management System is open source a men's salon management system . Simple Online Mens Salon Management System v1.0 version of the SQL injection vulnerability, the vulnerability stems from the file /admin/?page=user/manageuser &id=3 parameter id lack of validation of...
OURPHP SQL Injection Vulnerability
OURPHP is OURPHP open source an open source, cross-platform, enterprise-level + e-commerce + applet + APP multi-terminal synchronization CMS station-building system. OURPHP version 7.2.0 and previous versions exist SQL injection vulnerability. The vulnerability stems from the application's lack o...
Campcodes Advanced Online Voting System SQL Injection Vulnerability
Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/votersrow.php, which can be...
Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29416)
Campcodes Advanced Online Voting System is an online voting system. A SQL injection vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/positionsdelete.php...
Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29415)
Campcodes Advanced Online Voting System is an online voting system. The Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter description of the file /admin/positionsadd.ph...
Campcodes Online Traffic Offense Management System SQL Injection Vulnerability (CNVD-2023-29406)
Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the paramet...
Online Computer and Laptop Store delete_order function SQL injection vulnerability
Online Computer and Laptop Store is an online computer and laptop store. An SQL injection vulnerability exists in Online Computer and Laptop Store v1.0, which originates from the function deleteorder in /classes/master.php?f=deleteorder where the parameter id of deleteorder lacks validation for...
Online Computer and Laptop Store SQL注入漏洞
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to a SQL injection vulnerability in the file /classes/Master.php?f=updateorderstatus, where the parameter id of the function...
Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29387)
Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the fi...
TEL-STER TelWin SCADA WebInterface 路径遍历漏洞
TEL-STER TelWin SCADA WebInterface is a data acquisition and monitoring control system from TEL-STER Poland. A security vulnerability exists in TEL-STER TelWin SCADA WebInterface that originates from the ability to use external input to construct paths to files and directories without correctly...
IBM Aspera Faspex SQL Injection Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM Inc. An SQL injection vulnerability exists in IBM Aspera Faspex version 4.4.2. The vulnerability stems from the application's lack of validation of external...
Path Traversal in code
Description The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. Proof of Concept Code that has the...
SUSE CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
DEBIAN-CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
Command injection
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...