419 matches found

Positive Technologies
added 2024/01/13 12:0 a.m. · 3 views

PT-2024-15596 · Taokeyun · Taokeyun

Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5 Description: A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument...

CVSS 9.8 · AI score 7.8 · EPSS 0.00052
Exploits: 0 · References: 6

Positive Technologies
added 2024/01/13 12:0 a.m. · 4 views

PT-2024-15616 · Sourcecodester · Sourcecodester Best House Rental Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester House Rental Management System version 1.0 Description: A problematic issue has been found in the processing of the file index.php, where the manipulation of the page argument leads to cross site scripting. The attack can be...

CVSS 4.8 · AI score 6.4 · EPSS 0.00055
Exploits: 1 · References: 6

OSV
added 2023/12/29 8:15 a.m. · 1 views

CVE-2023-7160

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input alert0 leads to cross site...

CVSS 6.1 · AI score 3.6
Exploits: 0 · References: 2

Github Security Blog
added 2023/12/21 11:15 p.m. · 18 views

Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...

CVSS 7.5 · AI score 6 · EPSS 0.01266
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/12/21 11:15 p.m. · 8 views

GHSA-6GGR-CWV4-G7QG Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...

CVSS 5.3 · AI score 6 · EPSS 0.01266
Exploits: 0 · References: 4

Positive Technologies
added 2023/12/17 12:0 a.m. · 3 views

PT-2023-32799 · Unknown · Phz76 Rtspserver

Name of the Vulnerable Software and Affected Versions: PHZ76 RtspServer version 1.0.0 Description: A critical issue was found in the ParseRequestLine function of the RtspMesaage.cpp file, leading to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been disclose...

CVSS 9.8 · AI score 9.7 · EPSS 0.00224
Exploits: 1 · References: 8

Qualys Blog
added 2023/10/18 5:11 p.m. · 82 views

Oracle Patch Tuesday, October 2023 Security Update Review

Oracle has released its fourth quarterly edition of Critical Patch Update, which contains a group of patches for 387 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in Oracle code and third-party...

CVSS 7.5 · AI score 9.1 · EPSS 0.93849
Exploits: 29

Cvelist
added 2023/09/17 4:0 a.m. · 14 views

CVE-2023-5019 Tongda OA delete.php sql injection

A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staffreinstatement/delete.php. The manipulation of the argument REINSTATEMENTID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 6.5 · AI score 10 · EPSS 0.00045
Exploits: 1 · References: 3

ICS
added 2023/09/12 12:0 a.m. · 45 views

Siemens QMS Automotive

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 9.1 · AI score 7.7 · EPSS 0.00228
Exploits: 0 · References: 12

ICS
added 2023/08/31 6:0 a.m. · 44 views

Digi RealPort Protocol

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the...

CVSS 9 · AI score 8.9 · EPSS 0.0002
Exploits: 0 · References: 8

ICS
added 2023/08/24 6:0 a.m. · 27 views

Rockwell Automation Select Distributed I/O Communication Modules

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/ 1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Serie...

CVSS 9.8 · AI score 7.9 · EPSS 0.0004
Exploits: 0 · References: 8

Tenable Nessus
added 2023/08/17 12:0 a.m. · 42 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : poppler vulnerabilities (USN-6299-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6299-1 advisory. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked int...

CVSS 6.5 · AI score 6.9 · EPSS 0.00253
Exploits: 2 · References: 3

Positive Technologies
added 2023/08/05 12:0 a.m. · 3 views

PT-2023-28055 · Dedebiz · Dedebiz

Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2.10 Description: A vulnerability was found in the Article Handler component, which can be exploited to lead to cross site scripting. The attack may be launched remotely. The vendor was contacted early about this disclosure...

CVSS 4.8 · AI score 6 · EPSS 0.00081
Exploits: 1 · References: 8

Tenable Nessus
added 2023/08/02 12:0 a.m. · 13 views

Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability (CVE-2016-8716)

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepti...

CVSS 7.5 · AI score 7.4 · EPSS 0.00178
Exploits: 2 · References: 2

Positive Technologies
added 2023/07/25 12:0 a.m. · 3 views

PT-2023-26577 · Campcodes · Campcodes Beauty Salon Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /admin/index.php. The manipulation of the username argument leads to sql injection. The atta...

CVSS 7.5 · AI score 7.6 · EPSS 0.00063
Exploits: 1 · References: 7

Cvelist
added 2023/07/19 2:0 a.m. · 14 views

CVE-2023-3753 Creativeitem Mastery LMS browse cross site scripting

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 4 · AI score 6.2 · EPSS 0.00075
Exploits: 0 · References: 2

ICS
added 2023/07/11 12:0 a.m. · 71 views

Siemens RUGGEDCOM ROX

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource...

CVSS 10 · AI score 10 · EPSS 0.38894
Exploits: 9 · References: 12

ICS
added 2023/06/13 6:0 a.m. · 21 views

Rockwell Automation FactoryTalk Transaction Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the...

CVSS 7.5 · AI score 7.8 · EPSS 0.00175
Exploits: 0 · References: 8

Prion
added 2023/05/11 2:15 p.m. · 16 views

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely...

CVSS 6.5 · AI score 9.6 · EPSS 0.00417
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/05/11 12:0 a.m. · 3 views

PT-2023-20762 · Sourcecodester · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue affects the processing of the file /classes/Master.php, where the manipulation of the id argument leads to sql injection. The attack can be initiated...

CVSS 9.8 · AI score 7 · EPSS 0.00316
Exploits: 1 · References: 5