2300 matches found
HelpDezk SQL Injection Vulnerability
HelpDezk is a powerful software from HelpDezk Inc. for managing requests/events. HelpDezk version 1.1.10 suffers from a SQL injection vulnerability that originates from allowing a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid routing and extract all...
CVE-2023-4103
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
CVE-2023-5281
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file removeinboxmessage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2023-43132
szvone vmqphp =1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password...
PT-2023-5607 · D Link · D-Link Dar-8000
Name of the Vulnerable Software and Affected Versions: D-Link DAR-8000 up to 20151231 Description: A critical vulnerability was found in the D-Link DAR-8000, affecting an unknown part of the file /Tool/querysql.php. This issue leads to sql injection and can be initiated remotely. The exploit has...
CVE-2023-5014
A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...
CVE-2023-41159
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually...
CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...
Webmin Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A cross-site scripting vulnerability exists in Webmin Usermin version 2.000. A remote attacker can use this vulnerability to inject arbitrary web script or HTML int...
CVE-2023-4747
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tagalias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
Design/Logic Flaw
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed t...
PT-2023-29265 · Unknown · Jeecgboot Jimureport
Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 1.6.0 Description: A critical issue was found in the Template Handler component, allowing for remote injection attacks. The exploit has been disclosed publicly. Recommendations: For jeecgboot JimuReport...
Minimati SQL Injection Vulnerability
Minimati is a simple, lightweight and open source CMS by Kidus Personal Developers. A security vulnerability exists in Minimati version v.1.0.0, which stems from the presence of a SQL injection vulnerability that allows remote attackers to obtain sensitive information via the edit.php component...
CVE-2023-4219
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. T...
CVE-2023-3984
A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cookingmethod leads to sql injection. It is possible to initiate the atta...
The vulnerability of the SAP NetWeaver Design Time Repository, a software integration platform, allows a hacker to inject arbitrary HTML code.
The vulnerability of the SAP NetWeaver Design Time Repository software platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely...
Cross site scripting
A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...
Code injection
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the...