
3164 matches found

CNNVD
added 2024/03/01 12:0 a.m. · 2 views

FAQ Management System Cross-Site Scripting Vulnerability

FAQ Management System is a frequently asked questions management system by Remy Andrade, an individual developer. A cross-site scripting vulnerability exists in version 1.0 of the FAQ Management System, which stems from the parameter question/answer in the file /endpoint/add-faq.php, which result...

6.1 CVSS · 6 AI score · 0.0009 EPSS
Exploits 1 · References 4
CNNVD
added 2024/03/01 12:0 a.m. · 2 views

Petrol Pump Management Software SQL Injection Vulnerability

Petrol Pump Management Software is a gasoline pump management software by mayurik, an individual developer. A SQL injection vulnerability exists in Petrol Pump Management Software version 1.0, which originates from a SQL injection issue in the /admin/app/logincrud.php file...

7.2 CVSS · 8 AI score · 0.00037 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/03/01 12:0 a.m. · 1 view

PT-2024-18686 · Sourcecodester · Sourcecodester Petrol Pump Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Petrol Pump Management Software version 1.0 Description: A critical issue was found in the software, affecting the /admin/edit supplier.php file. The manipulation of the id argument leads to SQL injection. The attack can be...

7.2 CVSS · 5.7 AI score · 0.00037 EPSS
Exploits 0 · References 8
CNNVD
added 2024/03/01 12:0 a.m. · 1 view

Book Store Management System Security Vulnerability

Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which originates from a cross-site scripting vulnerability in the /bsmsci/index.php/history file...

6.1 CVSS · 6.1 AI score · 0.00321 EPSS
Exploits 1 · References 5
OSV
added 2024/02/29 1:44 a.m. · 1 view

UBUNTU-CVE-2024-26462

Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c...

5.5 CVSS · 7 AI score · 0.00024 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-18420 · Byzoro · Byzoro Smart S42 Management Platform

Name of the Vulnerable Software and Affected Versions: Byzoro Smart S42 Management Platform versions up to 20240219 Description: A critical vulnerability has been found in the Byzoro Smart S42 Management Platform, affecting an unknown functionality of the file /useratte/userattestation.php. The...

9.8 CVSS · 5.2 AI score · 0.00031 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/02/24 12:0 a.m. · 2 views

PT-2024-18379 · Sourcecodester · Sourcecodester Employee Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Management System version 1.0 Description: A problematic issue was found in the Project Assignment Report component, specifically in the /process/assignp.php file. The manipulation of the pname argument leads to...

5.4 CVSS · 4.1 AI score · 0.00102 EPSS
Exploits 0 · References 7
RedhatCVE
added 2024/02/23 8:1 p.m. · 34 views

CVE-2024-21890

A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/...

5 CVSS · 5.2 AI score · 0.01439 EPSS
Exploits 0 · References 3
Cvelist
added 2024/02/23 5:37 p.m. · 21 views

CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

7.5 CVSS · 7.7 AI score · 0.00408 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/02/23 12:0 a.m. · 3 views

PT-2024-18348 · Sourcecodester · Sourcecodester Employee Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Management System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /Account/login.php. The manipulation of the txtusername argument leads to sql...

9.8 CVSS · 7.7 AI score · 0.00171 EPSS
Exploits 1 · References 11
Prion
added 2024/02/20 2:15 a.m. · 22 views

Design/Logic Flaw

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

3.3 CVSS · 7 AI score · 0.01439 EPSS
Exploits 0 · References 1
OSV
added 2024/02/20 2:15 a.m. · 0 views

UBUNTU-CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

6.5 CVSS · 6.9 AI score · 0.01439 EPSS
Exploits 0 · References 4
UbuntuCve
added 2024/02/20 2:15 a.m. · 23 views

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

6.5 CVSS · 6.7 AI score · 0.01439 EPSS
Exploits 0 · References 3
CVE
added 2024/02/20 1:31 a.m. · 335 views

CVE-2024-21890

CVE-2024-21890 affects Node.js where the experimental Permission Model mishandles wildcards in --allow-fs-read/--allow-fs-write, allowing access beyond the intended path due to improper path traversal sanitization. Affected are Node.js 20/21 with the experimental permission model; mitigation is t...

6.5 CVSS · 4.7 AI score · 0.01439 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/02/15 10:15 p.m. · 9 views

CVE-2024-25123

MSS Mission Support System is an open source package designed for planning atmospheric research flights. In file: index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...

7.5 CVSS · 7.1 AI score · 0.00218 EPSS
Exploits 0 · References 2
OSV
added 2024/02/15 9:33 p.m. · 6 views

CVE-2024-25123 Path Manipulation in file mslib/index.py in MSS

MSS Mission Support System is an open source package designed for planning atmospheric research flights. In file: index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...

7.3 CVSS · 7.1 AI score · 0.00218 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/02/15 9:33 p.m. · 7 views

CVE-2024-25123 Path Manipulation in file mslib/index.py in MSS

MSS Mission Support System is an open source package designed for planning atmospheric research flights. In file: index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...

7.3 CVSS · 6.4 AI score · 0.00218 EPSS
Exploits 0 · References 2
Cvelist
added 2024/02/15 2:29 a.m. · 17 views

CVE-2024-26261 Hgiga OAKlouds - Arbitrary File Read And Delete

The file download functionality in certain modules of HGiga OAKlouds contains an Arbitrary File Read and Delete vulnerability. Attackers can put a file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...

9.8 CVSS · 9.6 AI score · 0.00253 EPSS
Exploits 0 · References 2
CNNVD
added 2024/02/14 12:0 a.m. · 2 views

Employee Managment System SQL Injection Vulnerability

Employee Managment System is an employee management system. Employee Managment System v1.0 has a SQL injection vulnerability that originates from a SQL injection vulnerability in the file /aprocess.php...

9.8 CVSS · 8 AI score · 0.0015 EPSS
Exploits 1 · References 2
RedHat Linux
added 2024/02/12 10:27 a.m. · 4 views

jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin

A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller fi...

4.3 CVSS · 5.7 AI score · 0.00139 EPSS
Exploits 0 · References 5