CVE-2025-9600 itsourcecode Apartment Management System member_type_setup.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/membertypesetup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. T...

PT-2025-35221

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A cross site scripting issue exists in Portabilis i-Educar up to version 2.10. The issue is located in an unknown function within the /intranet/educar transferencia tipo cad.php file of the...

PT-2025-35218

Name of the Vulnerable Software and Affected Versions: yeqifu carRental versions prior to 3fabb7eae93d209426638863980301d6f99866b3 Description: A path traversal issue exists in the removeFileByPath function within the src/main/java/com/yeqifu/sys/utils/AppFileUtils.java file. The manipulation of...

PT-2025-35231

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A cross site scripting issue exists due to the manipulation of the name, alias, or description argument in the processing of the /x program center/jaxrs/script file within the Personal Profile Page...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ddlEmpName in file /setting/employeesalarysetup.php. An attacker...

CVE-2025-9593

Affected software: itsourcecode Apartment Management System 1.0. The vulnerability is an SQL injection in the /report/unit_status_info.php file caused by unsafely handling the usid parameter. This allows remote exploitation and an exploit has been published. Connected advisories confirm the issue...

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-9582

The CVE-2025-9582 entry concerns Comfast CF-N1 firmware version 2.6.0. The flaw lies in the ntp_timezone function in the /usr/bin/webmgnt binary where manipulating the timestr argument can cause a command injection. The attack is described as remote capable and an exploit has been published. Cons...

Apartment Management System addowner.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /owner/addowner.php. An attacker can exploit this...

CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

CVE-2025-9511

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available...

CVE-2025-9504

CVE-2025-9504 affects Campcodes Online Loan Management System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /ajax.php?action=save_plan, caused by manipulation of the ID argument. Exploitation can be performed remotely, and public exploits are available. Techni...

CVE-2025-9503 Campcodes Online Loan Management System ajax.php sql injection

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=saveborrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has be...

Linux Distros Unpatched Vulnerability : CVE-2024-40767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing...

PT-2025-34861

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A stack-based buffer overflow exists in the setSysAdm function of the /goform/setSysAdm file. Manipulation of the rm port argument can trigger this issue, allowing for remote code execution. The...

Linux Distros Unpatched Vulnerability : CVE-2025-27552

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program...

CVE-2025-9475

A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /AdminDashboard/process/editemployeeprocess.php. This manipulation of the argument employeefile201 causes unrestricted upload. The attack may be...

CVE-2025-9471

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/addmaintenancecost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2025-9434

A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...