276 matches found
CVE-2023-23026
Cross site scripting XSS vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the productname and productprice inputs in file print.php...
CVE-2020-22327
An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information...
CVE-2021-26644
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running...
Sewio Real-Time Location System (RTLS) Studio 操作系统命令注入漏洞
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An operating system command injection vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which originates from not properly validating an input module name to...
Event Management System 跨站脚本漏洞
Event Management System is an event management system. A cross-site scripting XSS vulnerability exists in SourceCodester Royale Event Management System version 1.0, which originates from an unknown function in the file /royalevent/companyprofile.php, where manipulation of the parameters...
TRENDnet TEW-755AP 缓冲区错误漏洞
The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the loginname parameter of the dographauth sub4061E0 function, which can be exploited by an attacker to execute arbitrary...
Stored XSS in admin panel (users page)
Description Stored XSS in admin panel in users page via inject XSS payload in Name input field by any user to affect the admin panel Proof of Concept https://drive.google.com/file/d/1EsYq3R6GRAdEbpZxp2RwQwGr4G8fJGB7/view?usp=sharing...
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
...
PT-2022-22980 · Unknown · Sourcecodester Simple Cold Storage Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Cold Storage Management System version 1.0 Description: A vulnerability was found in the My Account component, where the manipulation of the First Name argument leads to cross-site scripting. The attack can be launched...
Liferay DXP 跨站脚本漏洞
Liferay DXP is a digital experience collaboration platform from Liferay, Inc. A security vulnerability exists in Liferay DXP version 7.3.10 SP3, Liferay Portal versions 7.3.0 through 7.4.0, which originates from a vulnerability that could allow a remote attacker to inject arbitrary JS script or...
The vulnerability of the router.php implementation of the POST Parameter Handler in the Food Ordering Management System allows a perpetrator to execute arbitrary SQL code.
The vulnerability in the implementation of the router.php script of the POST Parameter Handler component of the Food Ordering Management System’s control system is related to insufficient cleaning of special elements during the processing of the user name parameter. Exploiting this vulnerability...
Tenda AC21 缓冲区错误漏洞
Tenda AC21 is a wireless router from Tenda China. Tenda AC21 version V16.03.08.15 contains a buffer overflow vulnerability, which originates from the lack of length checking of the formSetDeviceName function in /bin/httpd for input data, and can be exploited to cause httpd to restart via the...
GHSA-CV24-VH45-4HJM Foxlor cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
CVE-2022-1718 The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk
The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service...
SQL Injection in Zenario 7.1-7.6
Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or adminboxes.ajax.php in the Categories - Edit module...
The vulnerability of the ChgSambaUserSettings() function implementation in D-Link DIR-823-Pro wireless router software allows a hacker to execute arbitrary commands.
The vulnerability of the ChgSambaUserSettings function in the microprogramming software for D-Link DIR-823-Pro wireless routers is related to insufficient cleaning of input data during the processing of the sambaname parameter. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2021-24930
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue...
The vulnerability in the software web interface of F-Secure Internet Gatekeeper allows a hacker to trigger a service failure.
The vulnerability of the F-Secure Internet Gatekeeper software’s web interface relates to the use of the assert function or similar operators when processing user name parameters. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted HT...
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...