Cisco Firepower Management Center security vulnerability
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center suffers from a SQL injection vulnerability that stems from the web-based management interface not adequately validating user input. A remote attacker coul...
PT-2024-33761 · Siadmin · Siadmin
Name of the Vulnerable Software and Affected Versions: SiAdmin version 1.1 Description: The issue allows SQL injection via the nim parameter in "/modul/mod kuliah/aksi kuliah.php". This could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the...
A vulnerability in the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application allows an attacker to read, modify, add, or delete data.
The vulnerability in the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain access to read, modify, add, or delete data using...
A vulnerability in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, a system for automating business operations in Oracle E-Business Suite, allows an attacker to read, modify, add, or delete data.
The vulnerability in the LOV component for maintenance, repair, and overhaul of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to gain access to read, modify, add, ...
CASAP Automated Enrollment security vulnerability
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of this project is to provide an automated enrollment system for CASAP to streamline the process for schools and make it more effective, efficient, and easily retrievable. A...
PT-2024-25756 · Sourcecodester · Sourcecodester Stock Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Visitor Management System version 1.0 Description: The issue allows attackers to execute arbitrary SQL commands, potentially leading to data exfiltration. This can be exploited remotely via the id parameter in the...
CVE-2024-32370
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component...
The vulnerability of the WP Encryption plugin in the WordPress content management system allows attackers to disclose protected information.
The vulnerability of the WP Encryption plugin in the WordPress content management system is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
CVE-2023-23474
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403...
CVE-2023-39466
Triangle MicroWorks SCADA Data Gateway getconfig Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit...
CVE-2023-38116
Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit...
The vulnerability of the Hotspot component in Oracle Java SE software, as well as in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines, allows attackers to modify, add, or delete data.
The vulnerability of the Hotspot component of the Oracle Java SE software platform, as well as of the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to...
Vaales Technologies V_QRS security vulnerability
Vaales Technologies VQRS is a digital business card solution from Vaales Technologies, India. A security vulnerability exists in Vaales Technologies VQRS version v.2024-01-17, which stems from a vulnerability that allows remote attackers to obtain sensitive information via the Models/FormModel.ph...
PT-2024-25189 · Unknown · Realisation Mgsd
Name of the Vulnerable Software and Affected Versions: Realisation MGSD version 1.0 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the id parameter. Recommendations: For version 1.0, avoid using the id parameter in affected API endpoints unti...
PT-2024-20956 · Unknown · Shixcam A9 Camera
Name of the Vulnerable Software and Affected Versions: SHIXCAM A9 Camera version v.CYCAM 48B BC01 v87 0903 Description: An issue in the SHIXCAM A9 Camera firmware allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. Recommendations: For version v.CYCAM 48B...
The vulnerability of the Alternate Services component in the Firefox web browser, related to integer overflow, allows an attacker to compromise data integrity.
The vulnerability of the Alternate Services component in the Firefox web browser is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
The vulnerability of the Prompts component in Microsoft Edge and Google Chrome browsers allows a perpetrator to access confidential information.
The vulnerability of the Prompts component in Microsoft Edge and Google Chrome is related to improper security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information remotely...
CVE-2024-32236
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component...