9 matches found
CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
CVE-2024-48509
Learning with Texts LWT 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...
📄 Online Exam Mastering System 1.0 Cross Site Scripting
Online Exam Mastering System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage:...
Tourism Management System v2.0 - Arbitrary File Upload
Exploit Title: Tourism Management System v2.0 - Arbitrary File Upload Google Dork: N/A Exploit Author: SoSPiro Date: 2024-02-18 Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/tourism-management-system-free-download/ Version: 2.0 Tested on: Windows 10 Pro Impact:...
ruby: HTTP response splitting in WEBrick
It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...
DUware DUamazon Pro 3.03.1 - type.asp?iType SQL Injection
DUware DUamazon Pro 3.03.1 - type.asp?iType SQL Injection source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL...
jPORTAL 2.3.1 - Banner.php SQL Injection
jPORTAL 2.3.1 - Banner.php SQL Injection source: https://www.securityfocus.com/bid/13103/info JPortal is reportedly affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Eurofull E-Commerce - Mensresp.asp Cross-Site Scripting
Eurofull E-Commerce - Mensresp.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/12420/info Reportedly Eurofull E-Commerce is affected by a cross-site scripting vulnerability in the 'mensresp.asp' script. This issue is due to a failure of the application to properly sanitize...
MercuryBoard < 1.1.6 SQL Injection
Binary data 4510.prm...