111 matches found
WordPress Plugin Poptin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2023-43456
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint...
PT-2023-27645 · Tenda · Tenda Ac23
Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn Description: The issue arises from the sub 451784 function not validating user-entered parameters, leading to a stack overflow. Recommendations: For Tenda AC23 version 16.03.07.45 cn, as a temporary workaroun...
CVE-2023-0955 WP Statistics < 14.0 - Authenticated SQLi
The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2023-25719
ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-45166
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role...
PT-2023-14624 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107 Description: An issue was discovered in the application where a service accepts user-controlled parameters to act on the data returned to the user. This allows a basic user to access data unrelated ...
Online Diagnostic Lab Management System SQL Injection Vulnerability
Online Diagnostic Lab Management System is an online diagnostic lab management system that provides a variety of diagnostic tasks online. online Diagnostic Lab Management System is vulnerable to SQL injection in version v1.0. The vulnerability stems from the affected version not properly filterin...
CVE-2022-36257
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...
VoIPmonitor SQL Injection Vulnerability (CNVD-2022-66404)
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...
VoIPmonitor SQL注入漏洞
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...
MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...
GHSA-M899-6MH4-MPC5 MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...
ZZCMS 跨站脚本漏洞
ZZCMS is a content management system CMS from the Zzcms team in China. ZZCMS 2021 is vulnerable to a cross-site scripting vulnerability that originates from a lack of restriction and filtering of user parameters in admanage.php. An attacker could exploit this vulnerability to execute client-side...
PT-2022-16104 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The Grappler component of TensorFlow is vulnerable to an integer overflow during...
CVE-2022-21741
Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...
CVE-2021-34761 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
A vulnerability in Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete...
Hardcoded credentials
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag...