49 matches found
Grafana Teams API IDOR
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...
CVE-2021-39411
Multiple Cross Site Scripting XSS vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the 1 searchdata parameter in a doctor/search.php and b admin/patient-search.php, and the 2 fromdate and 3 todate parameters in admin/betweendates-detailsreports.php...
Online Marriage Registration System SQL Injection Vulnerability
Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Online Marriage Registration System version 1.0, which stems from a lack of validation of the searchdata parameter of the search.php request against an...
Phpgurukul Online Marriage Registration System SQL注入漏洞
Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Online Marriage Registration System version 1.0, which stems from a lack of validation of the searchdata parameter of the search.php request against an...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
Design/Logic Flaw
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
PT-2009-6399 · Testlink Team · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink versions prior to 1.8.5 Description: The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the req parameter to "login.php", and allows remote authenticated users to inject arbitra...
PT-1999-1526 · Disney · Disney Go Express
Name of the Vulnerable Software and Affected Versions: Disney Go Express affected versions not specified Description: The issue allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system. Recommendations: At the moment, there is ...