37 matches found
Shiprocket Module 3 on OpenCart security vulnerability
Shiprocket Module 3 on OpenCart is a shipping module from Shiprocket. A security vulnerability exists in Shiprocket Module 3 on OpenCart v3, which stems from the parameter contentHash in the file /index.php?route=extension/module/restapi&action=getOrders that can lead to authorization errors...
Job Recruitment security vulnerability
Job Recruitment by code-projects is a job portal project developed using PHP, CSS, JavaScript, and MySQL technologies. A security vulnerability exists in Job Recruitment version 1.0, which originates from an SQL injection vulnerability in the ehash parameter of the /activation.php page...
booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...
CVE-2024-4295
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
PT-2024-34694
Name of the Vulnerable Software and Affected Versions: Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.15 Description: The issue allows unauthenticated attackers to perform Directory Traversal via the dropzone hash parameter. This enables them to copy the contents...
PT-2024-36020 · Winnmp · Winnmp
Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02 Description: A vulnerability has been discovered that allows for an XSS attack via the index page, specifically in the from, subject, text, and hash parameters. This could enable a remote user to send a specially crafted...
Cross-site Scripting (XSS)
Overview: yard is a documentation generation tool for the Ruby programming language. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the URL hash in the embedded JavaScript code in the frames.erb template file. Details: Cross-site scripting or XSS is a code...
Siemens JT Utilities security vulnerability
Siemens JT Utilities is a software application from Siemens Germany. An unspecified vulnerability exists in Siemens JT Utilities: when parsing a specially crafted JT file, a hash function is called with incorrect parameters, which can cause the application to crash. An attacker could use...
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability)...
PT-2020-10397 · Unknown · Email Subscribers & Newsletters
Name of the Vulnerable Software and Affected Versions: Email Subscribers & Newsletters versions prior to 4.3.1 Description: The issue is related to a blind SQL injection vulnerability. It allowed SQL statements to be passed to the database in the hash parameter. Recommendations: For versions prio...
WHMCS Group Pay Plugin 1.5 (grouppay.php, hash param) - SQL Injection
We have found a SQL injection inside the group pay plugin for WHMCS. A lot of game hosting companies are using this plugin. SQL Injection is in the function gpLoadUserFromHash. Exploits ============ - SQL Injection grouppay.php?hash=%hash%' and '1'='1 ============ Code SQL Injection ============...
CVE-2012-4996
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrentfunctions.php...
PT-2009-4565 · Fretsweb · Fretsweb
Name of the Vulnerable Software and Affected Versions: FretsWeb version 1.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the name parameter to "player.php" and the hash parameter to "song.php". Recommendations: For FretsWeb version 1.2...
Cross site scripting
Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information...
CVE-2006-2208
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters...
PT-2006-3182 · Mynews · Mynews
Name of the Vulnerable Software and Affected Versions: MyNews version 1.6.2 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the hash and page parameters. Recommendations: For...