2302 matches found
CVE-2023-36970
A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...
Code injection
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROSVERSION is 2 and ROSPYTHONVERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the...
New Mockingjay Process Injection Technique Could Let Malware Evade Detection
A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers...
CVE-2023-3380
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit h...
Design/Logic Flaw
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit h...
CVE-2023-2695
A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns1data leads to sql injection. The attack can be...
CVE-2023-2658
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely...
PT-2023-20755 · Sourcecodester · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue was found in the file view product.php, where the manipulation of the id argument leads to sql injection. This can be initiated remotely. Recommendation...
PT-2023-20759 · Sourcecodester · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online Computer and Laptop Store, affecting the file view categories.php. The manipulation of the c argumen...
PT-2023-17439 · Unknown · Control Id Rhid
Name of the Vulnerable Software and Affected Versions: Control iD RHiD version 23.3.19.0 Description: A problematic vulnerability was found in the Edit Handler component, affecting an unknown part of the file /v2/customerdb/operator.svc/a. The manipulation of the email argument leads to SQL...
CVE-2023-1951
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function deletebrand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely...
CVE-2023-25330
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...
CVE-2023-1793
A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is...
PT-2023-17207 · Ibos · Ibos
Name of the Vulnerable Software and Affected Versions: IBOS version 4.5.5 Description: A critical issue affects some unknown functionality of the file "/?r=report/api/getlist" of the component Report Search, leading to sql injection. The attack may be launched remotely. Recommendations: For IBOS...
CVE-2023-1351
A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file custtransac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2023-1292
A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function deleteclient of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. T...
CVE-2023-22758
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...
CVE-2022-38220
An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...
CVE-2022-38220
An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...
CVE-2022-38220
CVE-2022-38220 affects Quest KACE Systems Management Appliance (SMA) up to and including version 12.1. The vulnerability is an XSS that could allow a remote attacker to inject arbitrary web script or HTML. The common references across sources (NVD/Red Hat/CNNVD/CVE list) corroborate the vulnerabl...