117 matches found
CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...
CVE-2023-37291
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...
Galaxy Software Services Vitals ESP 信任管理问题漏洞
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A trust management issue vulnerability exists in Vitals ESP versions 3.0.8 through 6.2.0, which arises from the use of a hard-coded encryption key that can be exploited by an...
CVE-2023-31498
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...
Privilege escalation
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...
PT-2023-23364 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHP Gurukul Hospital Management System version 4.0 Description: A privilege escalation issue allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. Recommendations: For PHP Gurukul...
CVE-2023-31498
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...
CVE-2023-31498
Summary: CVE-2023-31498 concerns PHP Gurukul Hospital Management System in version 4.0 with a privilege escalation flaw that allows a remote attacker to execute arbitrary code and access sensitive data via the session token parameter. The available connected documents consistently describe the vu...
Companymaps v8.0 - Stored Cross Site Scripting Vulnerability
Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone the...
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
Cross site scripting
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
PT-2023-20892 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1 Description: A Cross-site scripting XSS issue exists in the encrypt password function in login.tmpl.php, allowing remote attackers to inject arbitrary web script or HTML via the token parameter. Recommendations: For ATuto...
PT-2022-6406 · NetGear · Netgear Cax30
Name of the Vulnerable Software and Affected Versions: NETGEAR CAX30S versions affected versions not specified NETGEAR CAX30 versions affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers...
PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK aka merchant-sdk-php 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2021-40313
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwgtoken in /admin/batchmanagerglobal.php...
Unclear TwapOracle.consult algorithm
Handle cmichel Vulnerability details The TWAPOracle.consult function is unclear to the auditor. It seems to iterate through all registered pairs that share the token parameter USDV or VADER and then sums up the foreign token pair per token price. And divides this sum sumNative by the summed-up US...
Default credentials
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...
CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...