Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-55816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting XSS in the /modificaapp.php file. CVE-2025-55816 Note that Nessus relies on the presence of t...

6.1CVSS5.4AI score0.00225EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-51298

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00705EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-9085

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service invoice-creation outage via the nfile parameter to visualizzacontratto.p...

6.5CVSS6.4AI score0.01966EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Hoteldruid before 2.3.1, a division by zero was discovered in $numtabelle in tabtariffe.php aka the numtariffa1 parameter due to the mishandling of non-numer...

4.9CVSS5.3AI score0.01743EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2025-44203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending...

7.5CVSS5.9AI score0.00542EPSS
Exploits2References3
NVD
NVD
added 2025/06/20 4:15 p.m.8 views

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...

7.5CVSS0.00542EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/06/20 12:0 a.m.11 views

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...

0.00542EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/06/20 12:0 a.m.4 views

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...

7.9AI score0.00542EPSS
Exploits2References2
CVE
CVE
added 2025/06/20 12:0 a.m.36 views

CVE-2025-44203

HotelDruid 3.0.7 is affected. An unauthenticated attacker can trigger information disclosure by causing verbose SQL error messages in creadb.php before pressing the 'create database' button. Malformed POST requests to the endpoint may reveal administrator credentials: username, password hash, and...

7.5CVSS7.3AI score0.00542EPSS
Exploits2References2Affected Software1
Debian CVE
Debian CVE
added 2025/06/20 12:0 a.m.5 views

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...

7.5CVSS5.7AI score0.00542EPSS
Exploits2
GithubExploit
GithubExploit
added 2025/06/18 6:22 p.m.408 views

Exploit for Uncontrolled Resource Consumption in Digitaldruid Hoteldruid

CVE-2025-44203 HotelDruid 3.0.0 / 3.0.7 Sensitive Information...

7.5CVSS6.7AI score0.00542EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:23 a.m.5 views

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

9.8CVSS8.2AI score0.03272EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 a.m.8 views

CVE-2019-9084

In Hoteldruid before 2.3.1, a division by zero was discovered in $numtabelle in tabtariffe.php aka the numtariffa1 parameter due to the mishandling of non-numeric values, as demonstrated by the /tabtariffe.php?anno=YEAR&numtariffa1;=1a URI. It could allow an administrator to conduct remote denial...

4.9CVSS6.8AI score0.01743EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 a.m.9 views

CVE-2019-9085

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service invoice-creation outage via the nfile parameter to visualizzacontratto.php with invalid arguments any non-numeric value, as demonstrated by the anno=2019transazione=1№contratto=1file=a query string to...

6.5CVSS6.5AI score0.01966EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 7:14 a.m.10 views

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

6.1CVSS5.7AI score0.00278EPSS
Exploits1References3
OSV
OSV
added 2025/04/22 6:15 p.m.4 views

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

6.1CVSS5.7AI score
Exploits0References1
CVE
CVE
added 2025/03/11 12:0 a.m.75 views

CVE-2025-25747

CVE-2025-25747: A Cross Site Scripting vulnerability in DigitalDruid HotelDruid v3.0.7 allows an attacker to execute arbitrary code and disclose sensitive information via the ripristina_backup parameter in crea_backup.php. Root cause details are not provided beyond the parameter abuse; the provid...

5.4CVSS7AI score0.00487EPSS
Exploits2References2Affected Software1
Debian CVE
Debian CVE
added 2025/03/11 12:0 a.m.11 views

CVE-2025-25749

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies...

7.1CVSS5.3AI score0.00564EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/03/07 12:0 a.m.6 views

PT-2025-10459 · Unknown +1 · Hoteldruid +1

Name of the Vulnerable Software and Affected Versions: HotelDruid versions 3.0.7 and earlier Description: The issue allows users to set weak passwords due to the lack of enforcement of password strength policies. Recommendations: For HotelDruid versions 3.0.7 and earlier, consider implementing a...

7.1CVSS6.4AI score0.00564EPSS
Exploits2References17
OSV
OSV
added 2023/11/10 9:15 a.m.7 views

CVE-2023-47164

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

6.1CVSS6.8AI score
Exploits0References3
Rows per page
Query Builder