CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...

CVE-2024-0196

A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed ...

CVE-2024-0191

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit...

Design/Logic Flaw

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit...

GHSA-MCPH-M25J-8J63 tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)

Summary The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The changed-files action returns a list of files changed in a commit or pull request which provides an escapejson...

PT-2024-33692 · Pagure +1 · Pagure +1

Name of the Vulnerable Software and Affected Versions: Pagure affected versions not specified Description: The issue concerns a symlink following vulnerability in Pagure's update file in git function, allowing for arbitrary file manipulation. Recommendations: At the moment, there is no informatio...

Sql injection

A vulnerability classified as critical was found in S-CMS up to 2.0build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the publ...

CVE-2018-25096

A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated...

Sql injection

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sellreturndata.php. The manipulation of the argument columns0data leads to sql injection. The attack may be...

CVE-2023-7149

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...

Cross site scripting

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...

CVE-2023-7149 code-projects QR Code Generator cross site scripting

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...

CVE-2023-7149 code-projects QR Code Generator cross site scripting

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...

Sql injection

A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to th...

CVE-2023-5991

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server...

Design/Logic Flaw

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server...

CVE-2023-7092 Uniway UW-302VP Admin Web Interface wlan_basic_set.cgi cross-site request forgery

A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlanbasicset.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...

CVE-2023-7092

CVE-2023-7092 affects Uniway UW-302VP v2.0 Admin Web Interface. The vulnerability is a cross-site request forgery in /boaform/wlan_basic_set.cgi driven by the wlanssid/password parameter, with remote initiation and exploit public. Root cause cited as processing in the CGI; CVSS metrics indicate M...

CVE-2023-7091

Dreamer CMS 4.1.3 contains an issue in the /upload/uploadFile endpoint where manipulating the file argument allows unrestricted file upload. The vulnerability can be exploited remotely and has publicly disclosed exploit information. Supported documents consistently identify the root cause as a co...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The...