100 matches found
CVE-2021-21260
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf...
DTP tNexus Airport View 安全漏洞
DTP tNexus Airport View is an application from DTP that helps airport users track and monitor operational information. It is used to track operational updates to enhance airport operations and passenger experience. A security vulnerability exists in DTP tNexus Airport View version 2.8, which stem...
CVE-2022-28320
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2024-53855
Centurion ERP Enterprise Rescource Planning is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management ITSM modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they...
CVE-2024-9526 Stored XSS in Kubeflow Pipeline View
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...
CVE-2024-37368
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...
VulnCheck KEV: CVE-2022-1026
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function...
CVE-2023-32169
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Inventory Manager version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/batchesview.php...
GHSA-9X43-5QCQ-H79Q Django Grappelli Open Redirect vulnerability
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
CVE-2023-43090 Gnome-shell: screenshot tool allows viewing open windows when session is locked
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool...
The vulnerability of the Guest View component in Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of the Guest View component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2023-2874 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw...
Simple Client Management System SQL注入漏洞
Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in /cms/admin/?page=...
Bentley View 3DM File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM...
CVE-2021-46626
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2021-46626
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2021-46570
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-46571
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2021-34943
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...