Simple E-Learning System SQL injection vulnerability
Simple E-Learning System is a simple e-learning system by the individual developer Carlo Montero. Simple E-Learning System is vulnerable to SQL injection, which stems from the lack of validation of the externally supplied postid parameter before it is used in SQL statements. An attacker could use this vulnerability to...
Horde Groupware Webmail <= 5.2.22 RCE Vulnerability (May 2022)
Horde Groupware Webmail is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
UBUNTU-CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2022-32458
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation of user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files...
Xxe
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation of user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files...
Business-central code issue vulnerability
Business-central is a software package. A security vulnerability exists in Business-central that stems from it being exposed to XML external entity injection attacks...
CVE-2022-33011
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack...
Mozilla: CSP bypass enabling stylesheet injection
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...
PT-2022-21720 · Typeorm · Typeorm
Name of the Vulnerable Software and Affected Versions: TypeORM versions prior to 0.3.0 Description: The findOne function in TypeORM can be supplied with either a string or a FindOneOptions object. When the input to the function is a user-controlled parsed JSON object, supplying a crafted...
VoIPmonitor SQL injection vulnerability
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team, with a commercial front-end, for the SIP, RTP, RTCP, SKINNY/SCCP, MGCP and WebRTC VoIP protocols, running on Linux. VoIPmonitor version 24.61 is vulnerable to SQL injection caused by missing filter escaping for SQL...
Advanced School Management System SQL injection vulnerability
Advanced School Management System is a school management system developed by Angel Jude Reyes Suarez. v1.0 of Advanced School Management System is vulnerable to SQL injection, which originates from /school/model/getexamtimetable.php?id=. The page lacks validation of external input used in SQL statements,...
CVE-2022-31951
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=deleterespondenttype...
Simple Inventory System SQL injection vulnerability
Simple Inventory System is an inventory system. version 1.0 of Simple Inventory System is vulnerable to SQL injection attacks via /inventory/login.php...
Car Rental Management System SQL injection vulnerability
Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...
Complete Online Job Search System SQL injection vulnerability
Complete Online Job Search System is an online job search system. A SQL injection vulnerability exists in Complete Online Job Search System, which originates from /eris/admin/applicants/index.php?view=view&id=. The page lacks validation of external input used in SQL statements. An attacker could use this...
CLSA-2022-1654106859 Fix CVE(s): CVE-2022-0391
SECURITY UPDATE: Injection attack - debian/patches/CVE-2022-0391.patch: sanitize URLs in urllib.parse when they contain ASCII newlines and tabs, in Doc/library/urllib.parse.rst, Lib/test/testurlparse.py, Lib/urllib/parse.py. - CVE-2022-0391...
CSCMS Music Portal System SQL injection vulnerability
CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing validation of the id parameter at /admin.php/pic/admin/pic/del for external...
promise-probe OS command injection vulnerability
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization...