160 matches found
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...
1E Platform Security Vulnerability
1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in versions prior to 1E Platform v20.1 that stems from a command that fails to properly validate URL parameters, allowing specially crafted input to execute arbitrary code with system...
WP Full Stripe Free <= 1.6.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Abandoned Cart Lite for WooCommerce < 5.16.0 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Popup contact form <= 7.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Save as Image by Pdfcrowd < 2.16.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-40801
The sub451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...
PT-2023-27641 · Tenda · Tenda Ac23
Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn Description: The issue arises from the sub 4781A4 function not validating user-entered parameters, leading to a post-authentication stack overflow. This occurs after a user has successfully authenticated,...
CVE-2023-23302
The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...
Connect IQ 安全漏洞
Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ suffers from a security vulnerability that stems from not validating the parameters of an API function, which result...
Online Exam System SQL注入漏洞
Online Exam System is an online exam system. Online Exam System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameters columns, data of /classes/Master.php?f=deleteservice/kelasdosen/data for external input SQL statements. An attacker can...
DEBIAN-CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...
WordPress plugin Loan Comparison 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
ConnectWise Control 注入漏洞
ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. An injection vulnerability exists in ConnectWise Control versions prior to 22.9.10032 that stems from an inability to validate user-supplied parameters...
WordPress plugin WP VR 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Annual Archive 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. A cross-site scripting...
WordPress plugin Giveaways and Contests by RafflePress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Contextual Related Posts 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress plugin ShiftNav 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...