Complete Online Job Search System SQL Injection Vulnerability
Complete Online Job Search System is an online job search system. Complete Online Job Search System is vulnerable to SQL injection, which originates from the eris/admin/category/index.php?view=edit&id= page missing validation of external input in SQL statements. An attacker could use this vulnerability...
ACEware Systems ACEweb Online Portal Cross-Site Scripting Vulnerability
ACEware Systems ACEweb Online Portal is a component of the Student Manager solution from ACEware Systems, Inc. A cross-site scripting vulnerability exists in ACEware Systems ACEweb Online Portal version 3.5.065, which originates in person. The txtNmName1 parameter in awp lacks a validation filter...
Rescue Dispatch Management System SQL Injection Vulnerability
Rescue Dispatch Management System is a rescue dispatch management system by Carlo Montero, an individual developer. Rescue Dispatch Management System v1.0 is vulnerable to SQL injection, which originates from rdms/admin/respondenttypes/viewrespondenttype.php?id=. The page lacks validation for extern...
Online Car Wash Booking System SQL Injection Vulnerability
Online Car Wash Booking System is an online car wash booking system by Carlo Montero, an individual developer. The service.php?id= page lacks validation of external input in SQL statements, which attackers can exploit to execute illegal SQL commands and steal sensitive database data...
Online Car Wash Booking System SQL Injection Vulnerability
Online Car Wash Booking System is an online car wash booking system by Carlo Montero, an individual developer. Version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which originates from the /ocwbs/admin/?page=bookings/viewdetails&id= page, which lacks validation of external input SQL...
Online Car Wash Booking System SQL Injection Vulnerability
Online Car Wash Booking System is an online car wash booking system by Carlo Montero, an individual developer. Version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which originates from the /ocwbs/classes/Master.php?f=deletevehicle page, which lacks validation for external input SQL...
Wedding Management System SQL Injection Vulnerability
Wedding Management System is a wedding planning management system by John Paul Lim Gabule, an individual developer. Wedding Management System v1.0 is vulnerable to SQL injection, which originates from the admin/photosedit.php page's lack of validation of external An attacker can use this...
GNUBOARD5 Cross-Site Scripting Vulnerability
GNUBOARD5 is a PHP and MySQL-based web forum system. GNUBOARD5 versions 5.55 and 5.56 are affected by a cross-site scripting vulnerability that originates in bbs/memberconfirm.php, which lacks data validation filtering of user-supplied data and output. An attacker could exploit this vulnerabilit...
Online Sports Complex Booking System SQL Injection Vulnerability
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. page=facilities/managefacility&id= lacks validation of external input in SQL statements, which can be exploited to execute illegal SQL commands and steal sensitive database data...
Online Sports Complex Booking System SQL Injection Vulnerability
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. Online Sports Complex Booking System version 1.0 is vulnerable to SQL injection that originates in scbs/classes/Master.php?f=deletefacility, the id parameter of the po...
nopCommerce Cross-Site Scripting Vulnerability
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...
composer Argument Injection Vulnerability
Composer is a software application. It provides a declaration to manage and install dependencies for PHP projects. Composer suffers from a parameter injection vulnerability that stems from a lack of input validation. An attacker can execute commands via VcsDriver::getFileContent...
The vulnerability of the crc64i function in the nasmlib/crc64.c assembly file of NASM allows a hacker to cause a service failure.
The vulnerability of the crc64i function in the nasmlib/crc64.c assembly file of NASM involves copying buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the Databuf function in the types.cpp component of the Exiv2 media metadata management library allows an attacker to cause a service failure.
The vulnerability of the Databuf function in the types.cpp component of the Exiv2 media metadata management library is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
Attendance Management System Code Issue Vulnerability
SourceCodester Student Attendance Management System is an attendance management system used to maintain daily attendance records. SourceCodester Student Attendance Management System version 1.0 contains a file upload vulnerability, which is caused by the lack of validation of uploaded files by th...
TuziCMS SQL Injection Vulnerability
TuziCMS (Rabbit CMS) is a PHP and MySQL-based enterprise content management system (CMS). A SQL injection vulnerability exists in TuziCMS version 2.0.6, which stems from AppManageControllerBannerController.class.php lacking validation of external input in SQL statements. An attacker could use...
PT-2022-13194 · WordPress · The Menu Image
Name of the Vulnerable Software and Affected Versions: The Menu Image, Icons made easy WordPress plugin version 3.0.6 and earlier
Description: The issue arises from the lack of authorization and CSRF checks when saving menu settings. Additionally, the settings are not validated, sanitized, and...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
ArchivistaBox webclient Cross-Site Scripting Vulnerability
ArchivistaBox webclient is a personal file management system from the Swiss company Archivista. A cross-site scripting vulnerability exists in versions of ArchivistaBox webclient prior to 2022/I, which stems from the program's lack of data validation filtering of user-supplied data and output. An...
PT-2022-3854 · Totolink · Totolink A3100R +5
Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730; TOTOLINK A810R version 4.1.2cu.5182 B20201026; TOTOLINK A830R version 5.9c.4729 B20191112; TOTOLINK A3000RU version 5.9c.5185 B20201128; TOTOLINK A3100R version 4.1.2cu.5050 B20200504; TOTOLINK A950RG...