419 matches found
CVE-2024-7367
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit...
CVE-2024-6058
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&iframename=list&crc=crc1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is...
ROS-20240521-03
A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition...
CVE-2024-3482
The CVE-2024-3482 entry concerns OpenText ArcSight Enterprise Security Manager and ArcSight Platform, describing a Stored Cross-Site Scripting (XSS) vulnerability that could be remotely exploited. Concrete details from connected sources include: affected products (ArcSight ES Manager and ArcSight...
agest.cl Cross Site Scripting vulnerability OBB-3907820
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-3356
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/modsettings/controller.php?action=add. The manipulation of the argument type leads to sql injection...
enersys.ru Cross Site Scripting vulnerability OBB-3897221
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-24659 · Unknown · Sourcecodester Internship Portal Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Internship Portal Management System version 1.0 Description: A critical issue has been found in the SourceCodester Internship Portal Management System, affecting the processing of the file admin/edit admin.php. The manipulation...
CVE-2024-3039
Affected software: Shanghai Brad Technology BladeX 3.4.0. Vulnerable component: API endpoint /api/blade-user/export-user. Root cause: SQL injection via input manipulation using updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1). Impact: potential remote exploitation allowing unauthorized access or d...
CVE-2024-2903
CVE-2024-2903 affects Tenda AC7 firmware version 15.03.06.44. A stack-based buffer overflow is triggered in the GetParentControlInfo function located at /goform/GetParentControlInfo via manipulation of the mac argument. The vulnerability permits remote code execution or crash, with a publicly dis...
CVE-2024-2773
A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2024-1811
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited...
BIT-ENVOY-2021-28683
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received...
PT-2024-18688 · Sourcecodester · Sourcecodester Petrol Pump Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Petrol Pump Management Software version 1.0 Description: A problematic issue was found in the software, affecting an unknown function of the file /admin/app/profile crud.php. The manipulation of the username argument leads to...
fn-link.com Cross Site Scripting vulnerability OBB-3856791
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-18347 · Sourcecodester · Sourcecodester Complete File Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Complete File Management System version 1.0 Description: A critical vulnerability has been found in the Admin Login Form component of the file /admin/. The manipulation of the username argument with a specific input leads to SQ...
CVE-2024-1749
A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site...
CVE-2024-1432
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function applyxseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of ...
SQL injection
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/editchicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
PT-2024-15609 · Unknown · Kashipara Billing
Name of the Vulnerable Software and Affected Versions: Kashipara Billing Software version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file buyer detail submit.php. The manipulation of the gstn no argument leads to sql injection. This...