68 matches found

OSV
added 2023/07/10 4:15 p.m. · 5 views

CVE-2023-3561

A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. It is possible to initiate...

6.1 CVSS · 4.1 AI score · 0.00442 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/08 12:0 a.m. · 4 views

PT-2023-25228 · Unknown · Gz Scripts Event Booking Calendar

Name of the Vulnerable Software and Affected Versions: GZ Scripts Event Booking Calendar version 1.8 Description: A problematic issue has been discovered, affecting an unknown function of the file /load.php. The manipulation of the arguments first name, second name, phone, address 1, or country...

5.4 CVSS · 4.2 AI score · 0.00438 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2023/07/08 12:0 a.m. · 4 views

PT-2023-25230 · Unknown · Gz Scripts Ticket Booking Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts Ticket Booking Script version 1.8 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /load.php. The manipulation of the arguments first name, second name, phone, addres...

6.1 CVSS · 4.2 AI score · 0.00335 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2023/07/08 12:0 a.m. · 4 views

PT-2023-25231 · Unknown · Gz Scripts Php Gz Hotel Booking Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts PHP GZ Hotel Booking Script version 1.8 Description: A problematic issue was found in the software, affecting an unknown part of the file /load.php. The manipulation of the arguments first name, second name, phone, address 1, or...

6.1 CVSS · 4.3 AI score · 0.00442 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2023/07/08 12:0 a.m. · 3 views

PT-2023-25229 · Unknown · Gz Scripts Php Gz Appointment Scheduling Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts PHP GZ Appointment Scheduling Script version 1.8 Description: A problematic vulnerability was found in the GZ Scripts PHP GZ Appointment Scheduling Script. The issue affects an unknown functionality of the file /load.php. The...

6.1 CVSS · 4.3 AI score · 0.00335 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2023/07/07 12:0 a.m. · 6 views

PT-2023-25216 · Unknown · Gz Scripts Availability Booking Calendar Php

Name of the Vulnerable Software and Affected Versions: GZ Scripts Availability Booking Calendar PHP version 1.8 Description: A vulnerability was found in the HTTP POST Request Handler component, affecting an unknown part of the file load.php. The manipulation of the arguments cid, first name,...

6.1 CVSS · 4.4 AI score · 0.00339 EPSS
Exploits: 0 · References: 5

CNNVD
added 2023/07/07 12:0 a.m. · 7 views

Availability Booking Calendar PHP cross-site scripting vulnerability

Availability Booking Calendar PHP is a GZ Scripts open source availability booking calendar system. A cross-site scripting vulnerability exists in GZ Scripts Availability Booking Calendar PHP version 1.8, which stems from the parameter cid/firstname/secondname/address1/country in the file load.p...

6.1 CVSS · 4.2 AI score · 0.00339 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:17 a.m. · 3 views

SUSE CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

8.1 CVSS · 9.5 AI score · 0.05899 EPSS
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 3:56 a.m. · 4 views

SUSE CVE-2020-15704

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2,...

5.5 CVSS · 6.7 AI score · 0.00364 EPSS
Exploits: 0 · References: 3

Packet Storm
added 2022/12/21 12:0 a.m. · 219 views

Senayan Library Management System 9.2.2 SQL Injection

Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 Multiple SQLi-Not sanitizing correctly cookie session. Author: nu11secur1ty Date: 12.20.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...

0.3 AI score
Exploits: 0

Positive Technologies
added 2022/09/06 12:0 a.m. · 3 views

PT-2022-19570 · WordPress · Wp Cerber Security

Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including 9.0 Description: The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass, making user enumeration possible. This is due to improper validati...

5.3 CVSS · 5.2 AI score · 0.00662 EPSS
Exploits: 0 · References: 5

GitHub Security Blog
added 2022/08/18 7:7 p.m. · 36 views

Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`

Impact A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: "/Users/foo/resources" When passing relative paths to these two vulnerabl...

6.1 CVSS · 4.4 AI score · 0.00414 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

CNNVD
added 2022/08/15 12:0 a.m. · 2 views

Venice path traversal vulnerability

Venice is a Clojure-inspired, sandboxed Lisp dialect from the individual developers of jlangch in Switzerland, with excellent Java interoperability. It can be used as a safe scripting language. A path traversal vulnerability exists in Venice 1.10.16 and earlier, which stems from a partial path...

6.1 CVSS · 5 AI score · 0.00414 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2022/08/14 12:25 a.m. · 11 views

CVE-2022-36007 Partial Path Traversal in com.github.jlangch:venice

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...

6.1 CVSS · 6.2 AI score · 0.00414 EPSS
Exploits: 1 · References: 4

Cvelist
added 2022/08/14 12:25 a.m. · 77 views

CVE-2022-36007 Partial Path Traversal in com.github.jlangch:venice

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...

6.1 CVSS · 6.1 AI score · 0.00414 EPSS
Exploits: 1 · References: 4

CVE
added 2022/08/14 12:25 a.m. · 103 views

CVE-2022-36007

Venice (com.github.jlangch:venice) contains a Partial Path Traversal flaw in the load-file and load-resource functions. When given absolute paths whose name prefix matches a configured load path (e.g., "/Users/foo/resources"), an attacker can access files outside the intended directory (e.g., "/U...

6.1 CVSS · 4.2 AI score · 0.00414 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Exploit DB
added 2022/02/23 12:0 a.m. · 400 views

Air Cargo Management System v1.0 - SQLi

Title: Air Cargo Management System v1.0 - SQLi Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html Reference:...

7.4 AI score
Exploits: 0

BDU FSTEC
added 2022/01/25 12:0 a.m. · 5 views

The vulnerability of the Sphinx search system, related to a path traversal error, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Sphinx search system is related to a path traversal error. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the CALL SNIPPETS operator or the loadfile function...

9.4 CVSS · 7.1 AI score · 0.02166 EPSS
Exploits: 2 · References: 9 · Affected Software: 3

OSV
added 2022/01/22 11:3 a.m. · 3 views

OESA-2022-1496 sphinx security update

Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing e.g. for embedded use is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...

7.5 CVSS · 7.2 AI score · 0.02166 EPSS
Exploits: 2 · References: 2

OSV
added 2022/01/10 2:10 p.m. · 1 views

DEBIAN-CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and loadfile operations on a full pathname e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...

7.5 CVSS · 7.1 AI score · 0.02166 EPSS
Exploits: 2 · References: 1