Lucene search
K

92 matches found

Exploit DB
Exploit DB
added 2024/03/28 12:0 a.m.389 views

Workout Journal App 1.0 - Stored XSS

Exploit Title: Workout Journal App 1.0 - Stored XSS Date: 12.01.2024 Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows /...

4.7CVSS6.7AI score0.00443EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.5 views

PT-2024-21072 · Avsystem · Avsystem Unified Management Platform

Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: The issue is related to improper input validation, which can result in unauthenticated Customer Premises Equipment CPE devices storing arbitrarily large amounts of...

5.9CVSS7AI score0.00465EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.6 views

PT-2023-29136 · Online Movie Ticket Booking System +1 · Online Movie Ticket Booking System

Name of the Vulnerable Software and Affected Versions: process registration.php affected versions not specified Description: The issue is related to the 'age' parameter of the process registration.php resource, which does not validate the characters received, and they are sent unfiltered to the...

9.8CVSS9.3AI score0.00805EPSS
Exploits1References8
OSV
OSV
added 2023/09/27 3:19 p.m.5 views

CVE-2023-41233

Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.1CVSS5.9AI score0.00571EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/26 8:15 a.m.12 views

CVE-2023-41233

Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.7AI score0.00571EPSS
Exploits0References2
OSV
OSV
added 2023/06/28 10:34 p.m.23 views

GHSA-GH66-FP7J-98V5 Shopware improper mail validation vulnerability

Impact The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. Patches We recommend updating to the current version 5.7.18. You can get the update to...

5.3CVSS5.2AI score0.00649EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/06/27 4:29 p.m.35 views

CVE-2023-34099 Improper mail validation in Shopware

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7....

5.3CVSS5.5AI score0.00649EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.7 views

AddressRegistry can associate same CID to different addresses at the same time

Lines of code Vulnerability details The AddressRegistry contract can associate a CID NFT to an account address. As stated in the contest, the CID NFT can be transferred out of the account that registered it. However, once transferred it can be registered again while keeping the previous...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.5 views

authentik 授权问题漏洞

authentik is an open source identity provisioning application from authentik Open Source. Authentik suffers from an authorization issue vulnerability that stems from vulnerability to incorrect authentication, where token reuse in the invitation URL leads to bypassing access control by using a...

9.4CVSS7.4AI score0.00884EPSS
Exploits1References2
Citrix
Citrix
added 2022/06/28 12:0 a.m.143 views

VDA Registration Step by Step and Troubleshoot common VDA Registration Failures

This article explains step by step process of VDA registration and troubleshoot common VDA registration failure issues...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/02/24 3:6 p.m.11 views

Let’s Get Under the Hood of Imperva Snapshot

A stress-free guide for the prudent cloud operator With minimal setup, Imperva Snapshot enables you to immediately start your in-depth Amazon Web Services AWS RDS database assessment. With no prior training required, cloud operators can use this useful tool to pinpoint deficiencies in their...

0.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/12/17 12:0 a.m.6 views

PT-2021-21894 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.0 and earlier Description: The issue is related to insufficient validation of email addresses during the registration process. This allows attackers to trick users into signing up with attacker-controlled email addresses...

5.8CVSS5.1AI score0.00667EPSS
Exploits0References7
OSV
OSV
added 2021/07/30 10:15 p.m.5 views

CVE-2021-27491

Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process...

7.5CVSS5.8AI score0.01105EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/15 12:0 a.m.7 views

Ypsomed mylife App 安全漏洞

Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App by Ypsomed suffers from a security vulnerability that...

7.5CVSS5.5AI score0.01105EPSS
Exploits0References5
0day.today
0day.today
added 2021/02/24 12:0 a.m.8 views

SpotAuditor 5.3.5 - (multiple) Denial Of Service Exploit

Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service PoC Exploit Author : Sinem Şahin Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on: Windows 7 x64 Version: 5.3.5 Steps: 1- Run the python script...

Exploits0
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.5 views

The vulnerability of the registration process for certificates in the Cisco Unified Computing System Central system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Unified Computing System Central device registration process is related to errors in verifying the authenticity of the certificates. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

4.3CVSS5.5AI score0.00416EPSS
Exploits0References2
OSV
OSV
added 2021/02/09 2:15 p.m.6 views

CVE-2021-26719

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...

6.5CVSS6.7AI score0.01355EPSS
Exploits0References1
OSV
OSV
added 2021/02/09 2:15 p.m.3 views

UBUNTU-CVE-2021-26719

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...

6.5CVSS5.9AI score0.01355EPSS
Exploits0References3
OSV
OSV
added 2021/01/04 6:15 p.m.21 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

9.8CVSS7AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/01/04 6:15 p.m.5 views

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a...

10CVSS5.5AI score0.02961EPSS
Exploits2References4
Rows per page
Query Builder