11 matches found
CVE-2025-51683
A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...
CVE-2025-26363
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests...
PT-2025-7152 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authentication for a critical function in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote attacker to enable an authenticati...
Q-Free MAXTIME Suite 访问控制错误漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...
Malicious code in fxa-profile-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9951fa605bb2df4520bedd105a7e1b9c0c3719b4fcc2ca3eb3cf26ea57d65042 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Multiple Cross-Site Scripting Vulnerabilities in HP Smart Profile Server Data Analytics Layer
HP Smart Profile Server Data Analytics Layer is a product from Hewlett-Packard HP designed for communications service providers to manage and analyze customer data for telecom business needs. Multiple cross-site scripting vulnerabilities exist in HP Smart Profile Server Data Analytics Layer versi...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in HP Smart Profile Server Data Analytics Layer SPS DAL 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5444
Multiple cross-site scripting XSS vulnerabilities in HP Smart Profile Server Data Analytics Layer SPS DAL 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5444
Multiple cross-site scripting XSS vulnerabilities in HP Smart Profile Server Data Analytics Layer SPS DAL 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5444
CVE-2015-5444 affects HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 up to 2.3.4; multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script via unspecified vectors. Root cause details aren’t explicitly stated in the connected documents. Impact is remote code e...
Kcms Profile Server
The Kodak Color Management System service is running. The KCMS service on Solaris 2.5 could allow a local user to write to arbitrary files and gain root access. Patches: 107337-02 SunOS 5.7 has been released and the following should be out soon: 111400-01 SunOS 5.8, 111401-01 SunOS 5.8x86...