3231 matches found
Employee Management System SQL Injection Vulnerability
Employee Management System is an employee management system. Employee Management System v1.0 has a SQL injection vulnerability in the file /aprocess.php...
jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller fi...
The vulnerabilities of the functions setTemplate(), renderPhp(), and pathJoin() of the Shield Security plugin—a WordPress content management system for smart bot blocking and intrusion prevention—allow attackers to load arbitrary PHP files.
The vulnerabilities of the setTemplate, renderPhp, and pathJoin functions in the Shield Security plugin—a system for WordPress content management with Smart Bot Blocking & Intrusion Prevention features—are related to improper external manipulation of file names or file paths. Exploiting these...
Path Traversal
clearml is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation, which allows an attacker to craft a malicious dataset which writes files to arbitrary locations on the system...
Directory Traversal: Examples, Testing, and Prevention
Path Traversal, also known as Directory Traversal, is a class of vulnerability that allows unauthorized users to access files stored on a server...
Important: php73
Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...
Path Traversal
Atril is vulnerable to Path Traversal. The vulnerability is due to improper file path validation. The attacker can write arbitrary files anywhere on the filesystem to which the user opening a crafted document has access...
The vulnerability in Websoft HCM's HR process automation software stems from improper handling of file names or file paths and allows attackers to gain access to the file system.
The vulnerability in Websoft HCM's HR process automation software is related to improper handling of file names or file paths. Exploiting this vulnerability can allow an attacker to gain remote read access to the file system...
Exploit for Code Injection in Ispyconnect Agent_Dvr
CVE-2024-22514: Remote Code Execution in Agent DVR Informa...
PT-2024-15940 · Unknown · Flink-Extended Ai-Flow +1
Name of the Vulnerable Software and Affected Versions: flink-extended ai-flow version 0.3.1 Description: A critical issue has been found, affecting the function cloudpickle.loads of the file ai flowclicommandsworkflow command.py. This issue leads to deserialization and can be exploited remotely...
CVE-2024-0778
UNSUPPORTED WHEN ASSIGNED. A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to...
CVE-2024-0570
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended t...
PT-2024-15657 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.3.0 Description: A critical vulnerability has been found in DedeBIZ, affecting unknown code in the file /admin/makehtml freelist action.php. The manipulation of the startid argument leads to SQL injection. The attack can be...
PT-2024-15587 · Unknown · Code-Projects Human Resource Integrated System
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /admin route/inc service credits.php. The manipulation of the id argument leads to SQ...
CVE-2024-0358
A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...
Vehicle Booking System Cross-Site Scripting Vulnerability
Vehicle Booking System is a vehicle booking system by Martin Mbithi Nzilani, an individual developer. A cross-site scripting vulnerability exists in Vehicle Booking System version 1.0, originating in the file usr/usr-register.php of the User Registration component, which contains unknown code tha...
PT-2024-15481 · Codeastro · Codeastro Vehicle Booking System
Name of the Vulnerable Software and Affected Versions: CodeAstro Vehicle Booking System version 1.0 Description: A problematic issue was found in the User Registration component, specifically in the file usr/usr-register.php. The manipulation of the Full Name, Last Name, or Address arguments with...
CVE-2023-6750
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path...
CVE-2023-6750 Clone < 2.4.3 - Unauthenticated Backup Download
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path...
CVE-2024-0308
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument purl leads to server-side request forgery. The attack may be initiated remotely. The exploit...