Phpgurukul Cyber Cafe Management System Security Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the username parameter of the add-users.php endpoint not adequately validating user input. No details of the vulnerability are available at...
CVE-2025-40702
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
The vulnerability of the determineInclusionAndExtract method in the HPE StoreOnce VSA virtual storage system allows an attacker to perform an SSRF attack.
The vulnerability of the determineInclusionAndExtract method in the HPE StoreOnce VSA virtual storage system is related to insufficient validation of incoming requests. Exploiting this vulnerability may allow a malicious actor to execute an SSRF attack remotely...
CVE-2024-20473
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2023-33238
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to command injection. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious...
The vulnerability of Rockwell Automation’s 5015-AENFTXT EtherNet/IP adapter software, related to insufficient validation of input data, allows an intruder to trigger a service failure.
The vulnerability of the firmware for Rockwell Automation’s EtherNet/IP adapters model 5015-AENFTXT lies in insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending specially crafted PTP packets...
Command Injection
gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused due to inadequate input validation during the previewing of changes, allowing an attacker to inject arbitrary commands...
PT-2024-13008 · Kiloview · P1/P2 +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The system is exposed to potential remote code execution risks due to inadequate input validation. Attackers can exploit this by appending shell commands to the Speed-Measurement featur...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from inadequate input validation, which can lead to SQL injection at the Tree data entry point...
Cross Site Scripting (XSS)
phpxmlrpc/extras is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate input validation within the documentingxmlrpcserver class when processing the GET methodName parameter, which allows attackers to execute malicious scripts in the context of the user's browser,...
Prototype Pollution
@apidevtools/json-schema-ref-parser is vulnerable to Prototype Pollution. The vulnerability is due to inadequate input validation in the bundle, parse, resolve, and dereference functions, allowing a remote attacker to execute arbitrary code...
Local File Inclusion (LFI)
gregwar/rst is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate input validation, allowing an attacker to manipulate file paths to read arbitrary files...
Denial Of Service (DoS)
ryu is vulnerable to Denial of Service. The vulnerability is due to inadequate input validation when length=0 within the OFPHello function in parser.py, which results in an infinite loop...
Buffer Overflow
GifLib Project GifLib v.5.2.1 is vulnerable to a buffer overflow. The vulnerability is due to inadequate input validation in the DumpScreen2RGB function within gif2rgb.c, which could be exploited by a local attacker to access sensitive information...
CVE-2023-4667 Stored Cross Site Scripting in webserver administration
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate...
The vulnerability of the HTTP.sys driver in the Windows operating system, which allows a hacker to trigger a service failure
The vulnerability of the HTTP.sys driver in the Windows operating system is related to insufficient input validation. Exploiting this vulnerability can allow a remote attacker to trigger a service failure through a specially crafted request...
CVE-2022-29167
A regular expression denial of service (ReDoS) was found in Hawk in its header parsing functionality. The issue arises from inadequate input validation in the Hawk.utils.parseHost function when processing untrusted input with regular expressions. This flaw allows an attacker to send a specially...
Cisco Prime Access Registrar Cross-Site Scripting Vulnerability
Cisco Prime Access Registrar (CPAR) is 3GPP-compliant AAA server software from Cisco USA. It is used to provide scalability. A cross-site scripting vulnerability exists in Cisco Prime Access Registrar that stems from inadequate validation of user-supplied input in the web-based management...
The vulnerability of Huawei’s router firmware, related to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of Huawei’s router firmware is related to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...