15 matches found
EUVD-2024-31962
Malicious code in bioql PyPI...
BGS Interactive SINAV.LINK Exam Result Module SQL Injection Vulnerability
BGS Interactive SINAV.LINK Exam Result Module is a system component of BGS Interactive that manages exam results. A SQL injection vulnerability exists in BGS Interactive SINAV.LINK Exam Result Module versions prior to 1.2, which stems from improper neutralization of a special element and could le...
CVE-2014-125127
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
CVE-2024-3373
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RSM Design Website Template allows SQL Injection. This issue affects Website Template: before 1.2...
CVE-2024-9478
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2...
Yealink Config Encrypt Tool Security Vulnerability
YeaLink Yealink Config Encrypt Tool is a configuration encryption tool from China YeaLink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from a possible decryption risk when encrypting Autop deployment files with a default key...
QAnything Security Breach
NetEase QAnything is a local knowledgebase Q&A system from NetEase that supports any file or database format, and can be installed and used offline. A security vulnerability exists in QAnything versions prior to 1.2.0, which stems from a security flaw in the component...
PT-2024-14834
Name of the Vulnerable Software and Affected Versions: Mergen Software Quality Management System versions prior to v1.2. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attack...
CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2...
PT-2023-30432
Name of the Vulnerable Software and Affected Versions: Hedef Tracking Admin Panel versions prior to 1.2. Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
SUSE CVE-2015-5654
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2022-1279
A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2...
CVE-2021-24510
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue...
WordPress wps-child-theme-generator plugin path traversal vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wps-child-theme-generator is a website theme generator plugin used in it. A path traversal vulnerability exists in versions...
Atlassian Floodlight Controller LoadBalancer Module Denial of Service Vulnerability
Atlassian Floodlight Controller is a Floodlight Controller product from Atlassian Australia. The LoadBalancer module is one of the load balancing modules. A race condition vulnerability exists in the LoadBalancer module in Atlassian Floodlight Controller versions prior to 1.2. A remote attacker...