5655 matches found
SQL injection
A vulnerability classified as critical has been found in Bylancer QuickJob 6.1. Affected is an unknown function of the component GET Parameter Handler. The manipulation of the argument keywords/gender leads to SQL injection. It is possible to launch the attack remotely. VDB-234234 is the identifi...
SQL injection
A vulnerability, which was classified as critical, was found in Nesote Inout Blockchain EasyPayments 1.0. Affected is an unknown function of the file /index.php/payment/getcoinaddress of the component POST Parameter Handler. The manipulation of the argument coinid leads to SQL injection. It is...
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of...
Cross site scripting
A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Affected is an unknown function of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. It is possible to launch the attack...
Cross site scripting
A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The attack ca...
Security Bulletin: ICP Match 360 is vulnerable to the following CVEs
Summary: ICP Match 360 is vulnerable to the following CVEs: CVE-2022-3697, CVE-2022-41721, CVE-2022-41723, CVE-2015-3627, CVE-2022-23471, CVE-2023-25153, CVE-2023-25173. Vulnerability Details: CVEID: CVE-2022-3697. DESCRIPTION: Ansible Collections Amazon AWS Collection could allow a remote attacker to...
The vulnerability of Microsoft SharePoint Server and Microsoft SharePoint Server Subscription Edition packages lies in information representation errors in the user interface, which allows attackers to perform spoofing attacks.
The vulnerability of Microsoft SharePoint Server and Microsoft SharePoint Server Subscription Edition packages is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...
CVE-2023-34666
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
Security advisory: Qt Network
A recent SSL issue affecting both OpenSSL and Schannel in Qt Network has been reported and has been assigned the CVE id CVE-2023-34410. In some circumstances, system CA certificates list remains unexpectedly active for the authentication of SSL peers. In a case where clients are supposed to be...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Netatalk vulnerabilities (USN-6146-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6146-1 advisory. It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A...
CVE-2023-3152
A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\viewpost.php. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to t...
SQL injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\managecategory.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely...
Open redirect
A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function processrequest of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to...
Cross site request forgery (CSRF)
A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched...
CVE-2023-2979
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
Information disclosure
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is...
Deserialization of untrusted data
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx...
SQL injection
A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/editsubject.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL...
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. "These vulnerabilities are due to improper validation of reques...
PT-2023-2809 · Cisco · Cisco Small Business Series Switches
Name of the Vulnerable Software and Affected Versions: Cisco Small Business Series Switches (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches. These vulnerabilities could...