CVE-2023-20231
CVE-2023-20231 affects Cisco IOS XE Software web UI. The issue is an input validation flaw in the Web UI that can let an authenticated, remote attacker craft input to execute arbitrary Cisco IOS XE CLI commands with level 15 privileges. Exploitation requires credentials for a Lobby Ambassador acc...
CVE-2023-20231
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...
Cisco IOS XE Software Input Validation Error Vulnerability
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from a flaw in th...
Cacti Operating System Command Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from an operating system command injection vulnerability that...
PT-2023-4916 · Unknown · Super Store Finder
Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: The issue is related to a lack of protection against SQL query structure exploitation, which can allow a remote attacker to gain access to the administration panel. The store locator component is...
Xintian Smart Table Integrated Management System SQL Injection Vulnerability
Xintian Smart Table Integrated Management System is a smart table integrated management system from Xintian. A SQL injection vulnerability exists in Xintian Smart Table Integrated Management System version 5.6.9, which stems from improper handling of the parameter txtRoleName that can lead t...
CVE-2023-4558
A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staffdata.php. The manipulation of the argument columns0data leads to sql injection. The attack can be launched remotely. The...
CVE-2023-37439
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
CVE-2023-37435
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
Aruba Networks EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. PoC 1. Add a new shortened link in the interface...
Stored Cross-site Scripting
Description In a stored XSS attack, the attacker typically injects malicious code, such as JavaScript, into a web form or other input field on a vulnerable web application. This code is then stored on the server and may be displayed to other users who visit the affected page, allowing the attacker to...
PT-2023-25782 · Code Projects · Code-Projects Hospital Management System
Name of the Vulnerable Software and Affected Versions: Code-Projects Online Hospital Management System version 1.0 Description: The issue allows an attacker to manipulate SQL queries executed by the application due to a failure in properly validating user-supplied input in the login id and passwo...
ScienceLogic SL1 SQL Injection Vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
CVE-2023-20589
The CVE-2023-20589 entry corresponds to a voltage fault injection vulnerability affecting fTPM ASP secure boot on AMD Ryzen platforms (Zen 1/2/3). The AMD-SB-4005 bulletin provides concrete details: potential arbitrary code execution via physical access and specialized hardware, impacting a wide ...
PT-2023-28092 · Unknown · Sourcecodester Free Hospital Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Free Hospital Management System for Small Practices version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the id argumen...
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site...
FreeBSD : Gitlab -- Vulnerabilities (3117e6cd-1772-11ee-9cd6-001b217b3468)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3117e6cd-1772-11ee-9cd6-001b217b3468 advisory. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 befor...
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
Super Socializer 7.13.52 - Reflected XSS Exploit
Exploit Title: Super Socializer 7.13.52 - Reflected XSS Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=thechampsharingcount&urls%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E=https://www.google.com Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor...