Task Reminder System SQL Injection Vulnerability

Task Reminder System is a Task Reminder System by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Task Reminder System version 1.0, which stems from the parameter id of the file classes/Users.php?f=delete that can lead to SQL injection...

Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability

Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from an SQL injection vulnerability in the parameter GWLinkId in the file...

UBUNTU-CVE-2023-46287

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...

Cross site scripting

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

PT-2023-32257 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway, affecting an unknown part of the file /admin/list addr fwresource ip.php. This issue leads...

mycli Encryption Problem Vulnerability

mycli is a dbcli open source MySQL terminal client with auto-completion and syntax highlighting. A security vulnerability exists in mycli version 1.27.0, which stems from an insufficient encryption strength issue. An attacker can exploit the vulnerability to view sensitive information via...

Command Injection

Node-qpdf are vulnerable to Command Injection.The vulnerability is due to not sanitizing the input parameters in the encrypt method. This allows an attacker to inject malicious commands if they can specify the input pdf file path...

WordPress plugin Vrm 360 3D Model Viewer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

DakshSCRA - Source Code Review Assist

Daksh SCRA Source Code Review Assist tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers. Rather than indiscriminately flagging everything as a potential issue, Daksh SCRA promotes thoughtful analysis,...

CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

PT-2023-5589 · Tongda · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions prior to 11.10 Description: A critical issue was found in Tongda OA 2017, affecting an unknown function of the file general/hr/manage/staff title evaluation/delete.php. The manipulation of the EVALUATION ID argument...

Cadence Design Systems GUI Security Vulnerability

Cadence Design Systems GUI is a Graphical User Interface GUI from Cadence Design Systems, Inc. to support its suite of Electronic Design Automation EDA software tools. A security vulnerability exists in Cadence Design Systems GUI version 0.9.2 and prior versions, which stems from the use of an...

GHSA-6F9P-G466-F8V8 blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API

Versions of the blamer package before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

Input validation

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

PT-2023-31525 · Mccms · Mccms

Name of the Vulnerable Software and Affected Versions: mccms version 2.6 Description: A critical issue was found in the software, affecting an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The issue can be exploited through SQL injection by manipulating the input wit...

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...