72 matches found

NVD
added 2025/08/10 3:15 a.m. · 3 views

CVE-2025-8789

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...

5.3 CVSS · 0.0036 EPSS
Exploits 1 · References 4

RedhatCVE
added 2025/05/22 11:23 p.m. · 12 views

CVE-2022-46102

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fstdown.inc.php...

9.8 CVSS · 7.1 AI score · 0.00731 EPSS
Exploits 1 · References 1

CNNVD
added 2023/10/20 12:0 a.m. · 2 views

Tongda OA 2017 SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from China Tongda Tongda. A security vulnerability exists in Tongda OA 2017 version, which originates from the existence of an unknown part of the file general/hr/training/record/delete.php, which leads to sql injection via the parameter RECORDI...

9.8 CVSS · 7.4 AI score · 0.00668 EPSS
Exploits 1 · References 4

CNNVD
added 2023/09/01 12:0 a.m. · 3 views

Library Management System SQL Injection Vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Senayan Library Management Systems SLIMS 9 Bulian v9.6.1, which stems from vulnerability to SQL injection...

8.8 CVSS · 8 AI score · 0.00616 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/04/10 12:0 a.m. · 6 views

PT-2023-3346 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.2

Description: The issue is related to a use-after-free vulnerability in the cedrus remove function in the drivers/staging/media/sunxi/cedrus/cedrus.c module of the Linux kernel. This vulnerability is caused...

10 CVSS · 6.6 AI score · 0.71737 EPSS
Exploits 53 · References 292

SUSE CVE
added 2023/02/15 6:20 a.m. · 3 views

SUSE CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

5 CVSS · 7 AI score · 0.03404 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:53 a.m. · 3 views

SUSE CVE-2011-1830

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekigatest.so...

8.8 CVSS · 6.9 AI score · 0.00792 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:52 a.m. · 2 views

SUSE CVE-2011-2502

runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search pat...

4.4 CVSS · 6.6 AI score · 0.0052 EPSS
Exploits 1 · References 3

CNNVD
added 2022/12/02 12:0 a.m. · 1 views

Rukovoditel Cross-Site Scripting Vulnerability

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 version has a security vulnerability, the vulnerability stems from the Entities Group...

5.4 CVSS · 5.8 AI score · 0.00906 EPSS
Exploits 1 · References 3

OpenVAS
added 2022/11/17 12:0 a.m. · 11 views

Slackware: Security Advisory (SSA:2022-320-01)

The remote host is missing an update for the...

8.8 CVSS · 9.2 AI score · 0.06419 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/09/08 9:15 p.m. · 1 views

CVE-2022-38267

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=...

7.2 CVSS · 5.8 AI score · 0.00726 EPSS
Exploits 1 · References 2

OSV
added 2022/08/15 11:15 p.m. · 2 views

CVE-2022-38357

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/moduleframe/index.php...

8.8 CVSS · 5.8 AI score · 0.00886 EPSS
Exploits 1 · References 1

CNNVD
added 2022/04/22 12:0 a.m. · 2 views

Microweber Cross-Site Scripting Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber that originates from reflecting XSS on...

6.3 CVSS · 6.4 AI score · 0.0321 EPSS
Exploits 1 · References 3

Hacker One
added 2021/04/27 9:18 p.m. · 24 views

Mail.ru: [geekbrains.ru] Node modules path disclosure due to lack of error handling

Full stack error trace at HTTP 404-error on nexus.geekbrains.ru discloses the full path of the Node.js module directory on the server...

0.4 AI score
Exploits 0

OSV
added 2020/12/24 3:15 p.m. · 3 views

CVE-2020-28184

Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php...

5.4 CVSS · 6.2 AI score · 0.00664 EPSS
Exploits 1 · References 2

Veracode
added 2020/04/10 1:1 a.m. · 16 views

Arbitrary Code Execution

systemtap is vulnerable to arbitrary code execution. The vulnerability exists as it was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobes module, used when performing user-space probing "staprun -u". A local user who is a memb...

4.4 CVSS · 2.3 AI score · 0.0052 EPSS
Exploits 1 · References 8 · Affected Software 1

UbuntuCve
added 2020/02/24 2:15 p.m. · 25 views

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

7.8 CVSS · 7.2 AI score · 0.00495 EPSS
Exploits 0 · References 3

CNVD
added 2018/11/08 12:0 a.m. · 2 views

Ladder CMS Cross-Site Scripting Vulnerability

Tianti tianti is a free lightweight CMS system written in Java, currently provides a total solution from the back-end management to the front-end display. A cross-site scripting vulnerability exists in the user management module in tianti 2.3, which can be exploited by an attacker via the...

5.4 CVSS · 5.3 AI score · 0.00667 EPSS
Exploits 1 · References 1

PyPA
added 2018/07/13 10:29 p.m. · 7 views

PYSEC-2018-43

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

7.8 CVSS · 7.1 AI score · 0.00587 EPSS
Exploits 0 · References 15 · Affected Software 1

OSV
added 2018/07/13 10:29 p.m. · 2 views

ALPINE-CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

7.8 CVSS · 7.1 AI score · 0.00587 EPSS
Exploits 0 · References 1