38 matches found
CVE-2022-45217
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...
Cross site scripting
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...
Book Store Management System 跨站脚本漏洞
Book Store Management System is an online bookstore system by Carlo Montero Personal Developer. A security vulnerability exists in Book Store Management System v1.0.0. An attacker can exploit this vulnerability by injecting a specially crafted payload into the Level parameter under the Add New...
Jenkins Promoted Builds (Simple) Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
GHSA-673J-QM5F-XPV8 pgjdbc Arbitrary File Write Vulnerability
Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...
Authentication flaw
The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze securitylevel field...
UBUNTU-CVE-2019-7339
POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...
DEBIAN-CVE-2019-7339
POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...
CVE-2017-6823
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action...
Design/Logic Flaw
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action...
CVE-2017-6823
CVE-2017-6823 affects Fiyo CMS 2.0.6.1. A remote authenticated user can gain privileges by manipulating the level parameter in dapur/ (app=user&act=edit), abusing the system’s user-group handling to escalate access. Exploit references exist (Exploit-DB, PRION). No patch details are provided in th...
SQL Injection Vulnerability in Webservice of Wando ezOFFICE Collaboration Office System
Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A SQL injection vulnerability exists in the Wando ezOFFICE Collaborative Office System webservice. The lack of filtering of the 'SOAP unitLevel' parameter allows attackers to exploit the...
CVE-2012-5833
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute...
PT-2011-1866 · Php Fusion · Php-Fusion
Name of the Vulnerable Software and Affected Versions: PHP-Fusion affected versions not specified Description: A directory traversal issue in maincore.php allows remote attackers to include and execute arbitrary local files via a .. dot dot in the folder level parameter. This issue has been...
PT-2007-6317 · Ossigeno · Ossigeno Cms
Name of the Vulnerable Software and Affected Versions: Ossigeno CMS version 2.2 alpha3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the level parameter in the upload/common/footer.php file. Recommendations: For Ossigeno CMS version 2.2 alpha3, consider...
CVE-2007-5109
Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...
CVE-2007-5109
Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...
UBUNTU-CVE-2007-5109
Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...