Lucene search

419 matches found

Positive Technologies
added 2023/05/11 12:0 a.m. · 10 views

PT-2023-20660 · Unknown · Weaver E-Office

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue was found in the File Upload Handler component, specifically in the /webroot/inc/utility all.php file, which leads to command injection. This issue can be exploited remotely. The vendo...

CVSS 8.8 · AI score 6.9 · EPSS 0.07008
Exploits: 1 · References: 5
ICS
added 2023/04/11 12:0 a.m. · 35 views

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 · AI score 7.8 · EPSS 0.00935
Exploits: 0 · References: 10
Positive Technologies
added 2023/04/09 12:0 a.m. · 3 views

PT-2023-9948 · Unknown · Hd Flv Player Plugin

Name of the Vulnerable Software and Affected Versions: HD FLV Player Plugin versions up to 1.7 Description: A critical issue has been found in the HD FLV Player Plugin, affecting the function hd add media/hd update media of the file functions.php. The manipulation of the argument name leads to SQ...

CVSS 9.8 · AI score 7.2 · EPSS 0.00707
Exploits: 0 · References: 5
OSV
added 2023/04/07 5:15 p.m. · 2 views

CVE-2023-1909

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible ...

CVSS 6.5 · AI score 5.9 · EPSS 0.00625
Exploits: 1 · References: 3
OSV
added 2023/03/31 12:15 a.m. · 3 views

CVE-2023-1747

A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The explo...

CVSS 8.8 · AI score 6.4 · EPSS 0.00717
Exploits: 1 · References: 3
Positive Technologies
added 2023/03/09 12:0 a.m. · 4 views

PT-2023-16872 · Sourcecodester · Sourcecodester Covid 19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A critical issue was found in the COVID 19 Testing Management System, affecting an unknown functionality of the patient-report.php file, specifically in the POST...

CVSS 9.8 · AI score 8 · EPSS 0.00791
Exploits: 1 · References: 4
Prion
added 2023/03/06 4:15 p.m. · 17 views

Cross site scripting

A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This...

CVSS 4 · AI score 5.3 · EPSS 0.00564
Exploits: 1 · References: 3
Positive Technologies
added 2023/02/19 12:0 a.m. · 2 views

PT-2023-16618 · Unknown · Code-Projects Pharmacy Management System

Name of the Vulnerable Software and Affected Versions: codeprojects Pharmacy Management System version 1.0 Description: A critical issue has been found in the Avatar Image Handler component of the file add.php, leading to unrestricted upload. The attack can be initiated remotely. The issue affect...

CVSS 9.8 · AI score 7.2 · EPSS 0.0072
Exploits: 0 · References: 5
SUSE CVE
added 2023/02/15 5:27 a.m. · 3 views

SUSE CVE-2014-6425

The (1) getquotedstring and (2) getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character...

CVSS 5 · AI score 7.4 · EPSS 0.02811
Exploits: 0 · References: 2
Prion
added 2023/01/16 7:15 p.m. · 13 views

Cross site scripting

A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic. Affected is an unknown function of the file users.php. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. VDB-218454 is the identifier assigned ...

CVSS 4 · AI score 6.1 · EPSS 0.00512
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2023/01/06 8:37 p.m. · 30 views

CVE-2018-25068 devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file

A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The...

CVSS 6.5 · AI score 9.6 · EPSS 0.00807
Exploits: 0 · References: 4
UbuntuCve
added 2022/12/27 3:15 p.m. · 27 views

CVE-2022-4728

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 5.4 · AI score 4.3 · EPSS 0.00765
Exploits: 1 · References: 5
NVD
added 2022/12/21 7:15 p.m. · 19 views

CVE-2022-4632

A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue...

CVSS 6.1 · EPSS 0.00517
Exploits: 0 · References: 3
CNNVD
added 2022/12/08 12:0 a.m. · 3 views

DuxCMS security vulnerability

DuxCMS is an open source content management system. A security vulnerability exists in DuxCMS version 2.1, which originates from cross-site scripting due to manipulation of the content parameter in an unknown section of its Article Handler component admin.php&r=article/AdminContent/edit file. The...

CVSS 5.4 · AI score 5.2 · EPSS 0.00386
Exploits: 1 · References: 3
ATTACKERKB
added 2022/08/31 4:15 p.m. · 2 views

CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions...

CVSS 7.5 · AI score 7 · EPSS 0.00549
Exploits: 0 · References: 3
CVE
added 2022/07/25 4:45 a.m. · 45 views

CVE-2017-20145

CVE-2017-20145 affects Tecrail Responsive FileManager up to version 9.10.x. The root cause is a path traversal vulnerability that enables remote access to files. Several connected sources corroborate a critical impact and indicate upgrading to version 9.11.0 as the fix. In at least one reference, ...

CVSS 9.8 · AI score 8.1 · EPSS 0.00836
Exploits: 1 · References: 2 · Affected Software: 1
ICS
added 2022/06/23 12:0 a.m. · 46 views

Pyramid Solutions EtherNet/IP Adapter Development Kit

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Pyramid Solutions, Inc. Equipment: EtherNet/IP Adapter Development Kit Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with...

CVSS 9.8 · AI score 9.1 · EPSS 0.01055
Exploits: 0 · References: 5
NVD
added 2022/05/02 8:15 p.m. · 12 views

CVE-2021-41810

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

CVSS 5.2 · EPSS 0.00654
Exploits: 0 · References: 3
Tenable Nessus
added 2022/04/18 12:0 a.m. · 44 views

EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2022-1416)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...

CVSS 8.1 · AI score 6.7 · EPSS 0.0187
Exploits: 2 · References: 4
FreeBSD
added 2022/04/16 12:0 a.m. · 75 views

MySQL -- Multiple vulnerabilities

Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS 7.5 · AI score 7.3 · EPSS 0.78854
Exploits: 2 · References: 1