1000 Projects Library Management System security vulnerability
1000 Projects Library Management System is an open source library management system from 1000 Projects. A security vulnerability exists in 1000 Projects Library Management System version 1.0 due to a SQL injection in parameter q. The vulnerability is caused by the presence of a parameter q in the...
CVE-2024-53259 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
PT-2024-39870
Name of the Vulnerable Software and Affected Versions: The Taskbuilder WordPress plugin versions prior to 3.0.5 Description: The issue allows high privilege users, such as admins, to perform SQL Injection attacks due to the lack of sanitization of user input into the load orders parameter, which is...
WordPress MStore API plugin <= 4.15.7 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin MStore API versions <= 4.15.7...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-45898)
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PowerJob security vulnerability
PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob version 3.20 and later, which stems from vulnerability to SQL injection attack...
1000 Projects Bookstore Management System injection vulnerability
1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Bookstore Management System version 1.0, which originates from an SQL injection vulnerability in the fnm parameter of the...
RHEL 6 / 7 : python27-python (RHSA-2016:1628)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1628 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high leve...
CVE-2024-51252
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...
PT-2024-16323 · Safenet · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue has been found in the getOneFileDirectory function of the /com/esafenet/servlet/fileManagement/FileDirectoryService.java file. The manipulation of the directoryId argument leads to SQL...
CVE-2024-51300
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getrrd function...
CVE-2024-10440
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-10160
A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to...
Cloudlog security vulnerability
Cloudlog is a self-hosted PHP application by the individual developer Peter Goodhall that allows logging of amateur radio contacts from anywhere. A security vulnerability exists in Cloudlog version 2.6.15, which stems from the stationid parameter in the requestform function of the Oqrs.php page...
CVE-2024-8215 Payload Injection Attack via Management REST interface
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...
PT-2024-32277 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1 Description: A SQL Injection issue allows an authenticated low-privileged user, with at least Report Viewer permissions, to escalate privileges to the admin account. This issue can be exploited by a use...
PT-2024-31871 · Unknown · Blood Bank/Donation Management System
Name of the Vulnerable Software and Affected Versions: Blood Bank and Donation Management System version 1.0 Description: A Cross Site Scripting (XSS) issue is present in the update contact.php file, allowing an attacker to inject malicious scripts via the name parameter of the "update contact.php"...
CVE-2024-7575 Improper neutralization special element in hyperlinks
In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...
Ship Ferry Ticket Reservation System 1.0 SQL Injection
Titles: SFTRS - PHP by: oretnom23 v1.0 Multiple-SQLi Bonus: FU + RCE & XSS - Information disclosure Author: nu11secur1ty Date: 09/14/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html...
PT-2024-39190 · Unknown · Code-Projects Inventory Management
Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management version 1.0 Description: A critical vulnerability was found in the code-projects Inventory Management software. The issue affects an unknown functionality of the file /model/viewProduct.php of the component...