2495 matches found
SQL injection
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VUID leads to sql injection. The exploit has been disclosed to the public and ma...
ROS-20231110-01
A vulnerability in the smbd library of the Samba networking software package is related to an incorrect restriction of a path name to a restricted directory. Exploitation of the vulnerability could allow an intruder, acting remotely, to cause a denial of service. Vulnerability in the...
PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block
Impact When adding a block in the blockreassurance module, a BO user can modify the HTTP request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...
GHSA-83J2-QHX2-P7JC PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block
Impact When adding a block in the blockreassurance module, a BO user can modify the HTTP request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...
Rocky Linux 9 : rsync (RLSA-2022:6181)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6181 advisory. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The...
CVE-2023-5928
A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/managedepartment.php. The manipulation of the argument id leads to sql injection. The exploit has been...
SQL injection
A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/updatestatus.php. The manipulation of the argument studentid leads to sql injection. The exploit has been disclosed to the...
SQL injection
A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/managedepartment.php. The manipulation of the argument id leads to sql injection. The exploit has been...
SQL injection
A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/viewcourse.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may ...
CVE-2023-5836
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
CVE-2023-5836 SourceCodester Task Reminder System sql injection
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
Authentication flaw
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack...
CVE-2023-5827
A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed t...
CVE-2023-5796
CVE-2023-5796 affects CodeAstro POS System 1.0, where an unknown functionality in the Logo Handler’s /setting file allows unrestricted upload. The issue can be triggered remotely and has been publicly disclosed. APT-PT security advisory notes this as a critical flaw in Logo Handler, enabling arbi...
CVE-2023-5786
A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the...
SQL injection
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddressinterpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been...
Jenkins plugins Multiple Vulnerabilities (2023-10-25)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes. This results in a stor...
CVE-2023-28797
CVE-2023-28797 affects Zscaler Client Connector for Windows prior to version 4.1. The vulnerability arises from how the client writes/deletes a configuration file inside specific folders on disk, allowing a local attacker to replace the folder and execute code with elevated privileges. Impact is ...
CVE-2023-5702 Viessmann Vitogate 300 direct request
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...