SourceCodester Online Food Ordering System security vulnerability
The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the saveuser operation in the Actions.php file,...
CVE-2022-0385
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting...
CVE-2019-12374
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...
EUVD-2019-4009
Malware in sbrugna...
PT-2025-23955 · Unknown · Campcodes Online Recruitment Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Recruitment Management System version 1.0 Description: A critical issue has been identified, affecting the /admin/ajax.php?action=login file. The Username argument is vulnerable to sql injection, which can be exploited...
BIT-REDASH-2020-36144
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization...
CVE-2023-1861 Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS
The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks...
Design/Logic Flaw
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary...
PT-2022-25472 · Git +2 · Librenms +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a user to enable their own account even if it was disabled by an admin, as long as the user still holds a valid session. Additionally,...
SQL injection
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...
Free Web Chat Initial Release - UserManager.java Null Pointer Denial of Service
// source: https://www.securityfocus.com/bid/10863/info Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported: The first denial of service vulnerability reported results from a lack of sufficient sanitization performed on username...
Free Web Chat Initial Release - Connection Saturation Denial of Service
source: https://www.securityfocus.com/bid/10863/info Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported: The first denial of service vulnerability reported results from a lack of sufficient sanitization performed on username dat...
Free Web Chat Initial Release - UserManager.java Null Pointer Denial of Service
Free Web Chat Initial Release - UserManager.java Null Pointer Denial of Service // source: https://www.securityfocus.com/bid/10863/info Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported: The first denial of service vulnerabilit...