Lucene search
K

148 matches found

CNNVD
CNNVD
added 2024/10/25 12:0 a.m.4 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the userId...

9.8CVSS6.8AI score0.00292EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/10/16 7:15 a.m.2 views

CVE-2023-7288

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updateprofilepreference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

5.4CVSS5.4AI score0.00272EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.3 views

WordPress plugin Paytium: Mollie payment forms & donations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.4CVSS6.4AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-15269 · WordPress · The Paytium: Mollie Payment Forms & Donations

Name of the Vulnerable Software and Affected Versions: The Paytium: Mollie payment forms & donations plugin for WordPress versions up to, and including, 4.3.7 Description: The issue allows unauthorized data modification due to a missing capability check on the update profile preference function...

5.4CVSS7AI score0.00272EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2024/09/17 12:0 a.m.233 views

Online Notice Board System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Online Notice Board System project 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozil...

7.4AI score
Exploits0
OSV
OSV
added 2024/09/13 3:15 p.m.5 views

CVE-2024-8242

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

8.8CVSS6.5AI score0.00785EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/07/06 12:38 p.m.86 views

U.S. Dept Of Defense: Email Takeover leads to permanent account deletion

The security vulnerability found allowed an attacker to change the email address of a victim's account, leading to the permanent deletion of the victim's account. The vulnerability was caused by improper authentication on the change email functionality...

7.3AI score
Exploits0
OSV
OSV
added 2024/01/04 3:15 p.m.3 views

CVE-2023-50760

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

8.8CVSS5.9AI score0.01213EPSS
Exploits1References2
OSV
OSV
added 2024/01/04 2:15 p.m.5 views

CVE-2023-50753

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.9AI score0.00672EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.4 views

Online Notice Board System Code Issue Vulnerability

Online Notice Board System is an online bulletin board system. A security vulnerability exists in version v1.0 of the Online Notice Board System, which stems from an insecure file upload vulnerability in the f parameter of the user/updateprofilepic.php page...

8.8CVSS7AI score0.01213EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.5 views

PT-2024-13967 · Unknown · Online Notice Board System

Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker ...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.6 views

Online Notice Board System SQL Injection Vulnerability

Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in the v1.0 version of Online Notice Board System, which occurs when the dd parameter of the user/updateprofile.php page is processed without filtering the data and sending it to the database for...

9.8CVSS7.9AI score0.00672EPSS
Exploits1References3
Prion
Prion
added 2023/11/13 11:15 p.m.20 views

Cross site scripting

Cross Site Scripting XSS in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters...

5.8CVSS6.5AI score0.00479EPSS
Exploits4References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/13 12:0 a.m.13 views

CVE-2023-46020

Cross Site Scripting XSS in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters...

6.4AI score0.00479EPSS
Exploits4References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.179 views

Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Register a student account and go to the...

5.4CVSS6AI score0.00403EPSS
Exploits2
CNNVD
CNNVD
added 2023/08/12 12:0 a.m.4 views

WordPress plugin Premium Packages - Sell Digital Products Securely Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS6.6AI score0.00794EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.5 views

YznCMS 跨站请求伪造漏洞

YznCMS is a backend development framework. A cross-site request forgery vulnerability exists in YznCMS v1.1.0, which stems from insufficiently verifying that a request comes from a trusted user in /public/admin/profile/update.html. An attacker could exploit this vulnerability by constructing a PO...

6.5CVSS6.7AI score0.00242EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.3 views

WordPress Plugin MStore API 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS8.3AI score0.01605EPSS
Exploits1References4
OSV
OSV
added 2023/01/13 7:15 p.m.2 views

CVE-2022-48091

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...

5.4CVSS5.8AI score0.00447EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/01/13 12:0 a.m.7 views

CVE-2022-48091

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...

5.3AI score0.00447EPSS
Exploits1References1
Rows per page
Query Builder