Lucene search
K

121 matches found

Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.5 views

PT-2024-25985 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical vulnerability has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects an unknown part of the file /admin/config...

9.8CVSS7.2AI score0.0068EPSS
Exploits1References8
NVD
NVD
added 2024/03/28 11:15 p.m.20 views

CVE-2024-28714

SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...

8.1CVSS8.3AI score0.00842EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/03/28 12:0 a.m.28 views

CVE-2024-28714

SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...

8.6AI score0.00842EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.5 views

Zhongbang CRMEB 安全漏洞

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang in Xi'an, China. A security vulnerability exists in CRMEB Java e-commerce system version v.1.3.4. An attacker can exploit this vulnerability to execute arbitrary code via the groupid parameter...

8.1CVSS7.7AI score0.00842EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.5 views

PT-2024-22534 · Unknown · Crmeb Java

Name of the Vulnerable Software and Affected Versions: CRMEB Java e-commerce system version 1.3.4 Description: The issue allows an attacker to execute arbitrary code via the groupid parameter, potentially leading to unauthorized access and data manipulation. Recommendations: For CRMEB Java...

9.8CVSS7.2AI score0.01536EPSS
Exploits2References11
Prion
Prion
added 2024/03/01 12:15 a.m.34 views

Sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/listipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can ...

6.5CVSS6.8AI score0.08537EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.8 views

Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability

Netentsec NS-ASG Application Security Gateway is an application security gateway from China Netentsec. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which stems from an incorrect operation of the parameter GroupId that can lead to sql injection...

9.8CVSS8.4AI score0.08537EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/05/31 12:0 a.m.7 views

Vulnerability of the /admin/bookings/view_booking.php script of the SourceCodester AC Repair and Services system, allowing a hacker to execute arbitrary SQL code

The vulnerability in the “/admin/bookings/viewbooking.php” script of the SourceCodester AC Repair and Services system relates to the lack of protective measures for the SQL query structure when processing the parameter “tomail=&groupid=”. Exploiting this vulnerability allows an attacker to execut...

6.8CVSS7AI score0.0063EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.7 views

The vulnerability in the admin/sendmailto.php script of the ZZCMS CMS system allows a hacker to execute arbitrary SQL code.

The vulnerability in the admin/sendmailto.php script of the ZZCMS CMS system relates to the lack of protection for the SQL query structure when processing the parameter tomail=&groupid=. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

8.5CVSS7.5AI score0.00747EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.10 views

PT-2023-2942 · Sourcecodester · Sourcecodester Ac Repair/Services System

Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue has been found in the system, affecting the /admin/bookings/view booking.php file. The manipulation of the id argument leads to SQL injection. This can be...

6.8CVSS7.2AI score0.0063EPSS
Exploits1References7
CNVD
CNVD
added 2022/05/07 12:0 a.m.19 views

Cyclos 4 PRO Cross-Site Scripting Vulnerability

Cyclos 4 PRO is a web server. A cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the groupId parameter...

4.3CVSS3.2AI score0.03424EPSS
Exploits4Affected Software1
NVD
NVD
added 2022/05/04 3:15 a.m.18 views

CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...

9.8CVSS0.01033EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/05/04 3:15 a.m.1 views

CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...

9.8CVSS6AI score0.01033EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/04 2:26 a.m.16 views

CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...

10AI score0.01033EPSS
Exploits1References1
CVE
CVE
added 2022/05/04 2:26 a.m.79 views

CVE-2022-27431

Wuzhicms v4.1.0 is affected by CVE-2022-27431 due to a SQL injection vulnerability via the groupid parameter in /coreframe/app/member/admin/group.php. The root cause, as described in CNVD/CVE entries, is lack of input validation for external SQL statements enabling attackers to craft inputs that ...

9.8CVSS9.8AI score0.01033EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/05/02 12:15 a.m.3 views

CVE-2021-31673

A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...

6.1CVSS5.9AI score0.03424EPSS
Exploits4References3
NVD
NVD
added 2022/05/02 12:15 a.m.26 views

CVE-2021-31673

A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...

6.1CVSS0.03424EPSS
Exploits4References3
Prion
Prion
added 2022/05/02 12:15 a.m.13 views

Cross site scripting

A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...

4.3CVSS6AI score0.03424EPSS
Exploits4References3Affected Software1
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.2 views

Cyclos 4 PRO 跨站脚本漏洞

Cyclos 4 PRO is a web server. A cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the groupId parameter...

6.1CVSS6.1AI score0.03424EPSS
Exploits4References8
Cvelist
Cvelist
added 2021/10/07 3:50 p.m.46 views

CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...

7.8AI score0.00545EPSS
Exploits0References3
Rows per page
Query Builder