117 matches found

Cvelist
added 2023/12/15 9:20 a.m. · 28 views

CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

CVSS 9.8 · AI score 9.8 · EPSS 0.0057
Exploits 0 · References 1

NVD
added 2023/07/21 4:15 a.m. · 9 views

CVE-2023-37291

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...

CVSS 9.8 · AI score 9.1 · EPSS 0.00347
Exploits 0 · References 1

CNNVD
added 2023/07/21 12:0 a.m. · 3 views

Galaxy Software Services Vitals ESP Trust Management Issue Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A trust management issue vulnerability exists in Vitals ESP versions 3.0.8 through 6.2.0, which arises from the use of a hard-coded encryption key that can be exploited by an...

CVSS 9.8 · AI score 8.5 · EPSS 0.00347
Exploits 0 · References 2

NVD
added 2023/05/11 11:15 a.m. · 16 views

CVE-2023-31498

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...

CVSS 9.8 · AI score 9.8 · EPSS 0.02131
Exploits 1 · References 3

Prion
added 2023/05/11 11:15 a.m. · 16 views

Privilege escalation

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...

CVSS 7.5 · AI score 9.7 · EPSS 0.02131
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/05/11 12:0 a.m. · 4 views

PT-2023-23364 · Unknown · Phpgurukul Hospital Management System

Name of the Vulnerable Software and Affected Versions: PHP Gurukul Hospital Management System version 4.0 Description: A privilege escalation issue allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. Recommendations: For PHP Gurukul...

CVSS 9.8 · AI score 9.8 · EPSS 0.02131
Exploits 1 · References 4

Vulnrichment
added 2023/05/11 12:0 a.m. · 12 views

CVE-2023-31498

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...

AI score 9.8 · EPSS 0.02131
Exploits 1 · References 3

CVE
added 2023/05/11 12:0 a.m. · 50 views

CVE-2023-31498

Summary: CVE-2023-31498 concerns PHP Gurukul Hospital Management System in version 4.0 with a privilege escalation flaw that allows a remote attacker to execute arbitrary code and access sensitive data via the session token parameter. The available connected documents consistently describe the vu...

CVSS 9.8 · AI score 9.6 · EPSS 0.02131
Exploits 1 · References 3 · Affected Software 1

0day.today
added 2023/05/02 12:0 a.m. · 232 views

Companymaps v8.0 - Stored Cross Site Scripting Vulnerability

Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone the...

CVSS 5.4 · AI score 6.6 · EPSS 0.05097
Exploits 4

NVD
added 2023/03/28 3:15 p.m. · 24 views

CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 6.1 · AI score 6 · EPSS 0.01499
Exploits 1 · References 1

OSV
added 2023/03/28 3:15 p.m. · 18 views

CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 6.1 · AI score 6
Exploits 0 · References 1

Prion
added 2023/03/28 3:15 p.m. · 15 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 5.8 · AI score 6 · EPSS 0.01499
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/03/28 12:0 a.m. · 8 views

CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

AI score 6.1 · EPSS 0.01499
Exploits 1 · References 1

Positive Technologies
added 2023/03/28 12:0 a.m. · 5 views

PT-2023-20892 · Atutor · Atutor

Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1 Description: A Cross-site scripting XSS issue exists in the encrypt password function in login.tmpl.php, allowing remote attackers to inject arbitrary web script or HTML via the token parameter. Recommendations: For ATuto...

CVSS 6.1 · AI score 5.7 · EPSS 0.01499
Exploits 1 · References 6

Positive Technologies
added 2022/09/22 12:0 a.m. · 4 views

PT-2022-6406 · NetGear · Netgear Cax30

Name of the Vulnerable Software and Affected Versions: NETGEAR CAX30S versions affected versions not specified NETGEAR CAX30 versions affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers...

CVSS 8.8 · AI score 7.5 · EPSS 0.01144
Exploits 0 · References 7

Github Security Blog
added 2022/05/14 1:21 a.m. · 19 views

PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK aka merchant-sdk-php 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.01244
Exploits 1 · References 5 · Affected Software 1

ATTACKERKB
added 2021/12/06 9:15 p.m. · 3 views

CVE-2021-40313

Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwgtoken in /admin/batchmanagerglobal.php...

CVSS 8.8 · AI score 5.8 · EPSS 0.01112
Exploits 1 · References 2

Code423n4
added 2021/11/15 12:0 a.m. · 16 views

Unclear TwapOracle.consult algorithm

Handle cmichel Vulnerability details The TWAPOracle.consult function is unclear to the auditor. It seems to iterate through all registered pairs that share the token parameter USDV or VADER and then sums up the foreign token pair per token price. And divides this sum sumNative by the summed-up US...

AI score 6.8
Exploits 0

Prion
added 2021/01/26 6:15 p.m. · 16 views

Default credentials

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...

CVSS 5 · AI score 7.6 · EPSS 0.02364
Exploits 2 · References 5 · Affected Software 1

Cvelist
added 2021/01/21 3:1 p.m. · 40 views

CVE-2020-28874

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...

AI score 7.6 · EPSS 0.02364
Exploits 2 · References 5