Lucene search
K

334 matches found

susecve
susecve
added 2023/02/15 6:14 a.m.6 views

SUSE CVE-2006-4256

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different...

4.3CVSS6.9AI score0.01668EPSS
Exploits0References4
osv
osv
added 2023/01/27 2:15 p.m.3 views

CVE-2022-44718

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur issue 2 of 2. After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...

3.5CVSS5.8AI score0.00323EPSS
Exploits0References1
osv
osv
added 2023/01/27 2:15 p.m.6 views

CVE-2022-44717

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur issue 1 of 2. After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...

3.1CVSS5.8AI score0.0028EPSS
Exploits0References1
packetstorm
packetstorm
added 2023/01/13 12:0 a.m.243 views

Academy LMS 5.11 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
packetstorm
packetstorm
added 2023/01/12 12:0 a.m.261 views

eCart Web 5.0.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2023/01/11 12:0 a.m.310 views

Tiki Wiki CMS Groupware 25.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
packetstorm
packetstorm
added 2023/01/10 12:0 a.m.194 views

Online Food Ordering System 2.0 SQL Injection

Exploit Title: Online Food Ordering System v2 - Sql Injection Time-Based Blind Date: 01/10/2023 Exploit Author: Anıl Kızıltan Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...

0.2AI score
Exploits0
ptsecurity
ptsecurity
added 2023/01/02 12:0 a.m.5 views

PT-2023-14165 · WordPress · Wp Autocomplete Search

Name of the Vulnerable Software and Affected Versions: WP AutoComplete Search WordPress plugin versions 1.0.4 and earlier Description: The issue arises from the plugin's failure to sanitise and escape a parameter before using it in a SQL statement via an AJAX endpoint available to unauthenticated...

9.8CVSS8AI score0.03595EPSS
Exploits5References8
ptsecurity
ptsecurity
added 2022/11/23 12:0 a.m.8 views

PT-2022-26794 · Unknown · Billing System Project

Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: A SQL injection issue was found in the Billing System Project. The vulnerability can be exploited via the id parameter at the "editorder.php" endpoint. Recommendations: For Billing System Projec...

9.8CVSS8.3AI score0.00787EPSS
Exploits0References5
prion
prion
added 2022/10/31 9:15 p.m.22 views

Sql injection

The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...

5CVSS7.9AI score0.00462EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2022/10/31 12:0 a.m.4 views

PT-2022-20193 · Red Os · Red Os

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for SQL injection, both authenticated and unauthenticated, through a vulnerable parameter. This parameter can be used to craft and inject complex SQL commands due t...

9.8CVSS8AI score0.01923EPSS
Exploits1References3
zdt
zdt
added 2022/10/04 12:0 a.m.253 views

Joomla Rentalot Plus 19.05 Cross Site Scripting Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : Les Arbres Design │ │ Software :...

7.4AI score
Exploits0
nessus
nessus
added 2022/09/06 12:0 a.m.33 views

NoSQL Injection Authentication Bypass

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of...

8.3AI score
Exploits0References1
hackerone
hackerone
added 2022/07/12 6:6 a.m.16 views

U.S. Dept Of Defense: Open Redirect at █████

Open Redirect on https://███ User can be redirect to malicious site POC: ████████/texis/search/redir.html?query=1234&pr=External+Meta&prox=page&rorder=500&rprox=500&rdfreq=500&rwfreq=250&rlead=500&rdepth=62&sufs=3&order=r&u=http://evil.com&m=0&p=2 I hope you know the impact of open redirect and...

1.3AI score
Exploits0
cnnvd
cnnvd
added 2022/06/24 12:0 a.m.2 views

Prison Management System SQL注入漏洞

Prison Management System is a prison management system from Carlo Montero's personal developer. v1.0 of Prison Management System is vulnerable to SQL injection, which originates from the id in /pms/admin/cells/viewcell.php in the application. parameter in /pms/admin/cells/viewcell.php lacks a...

8.8CVSS6AI score0.01199EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/06/15 8:15 p.m.5 views

CVE-2022-32373

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getexam.php?id=...

7.2CVSS5.8AI score0.00909EPSS
Exploits1References2
packetstorm
packetstorm
added 2022/05/23 12:0 a.m.294 views

Blockchain AltExchanger 1.2.1 SQL Injection

Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...

0.3AI score
Exploits0
osv
osv
added 2022/05/18 6:15 p.m.16 views

CVE-2022-25617

Reflected Cross-Site Scripting XSS vulnerability in Code Snippets plugin = 2.14.3 at WordPress via &orderby vulnerable parameter...

6.1CVSS6AI score
Exploits0References2
huntr
huntr
added 2022/03/21 3:43 a.m.30 views

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting

Vulnerability Type Stored Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/ /interface/super/rules/index.php?action=edit!submitsummary Affected Parameters “fldtitle” Authentication Required? Yes Issue Summary Non-privilege users accounting, front-office can create new rule an...

3.5CVSS0.769EPSS
Exploits2References1
packetstorm
packetstorm
added 2022/03/07 12:0 a.m.400 views

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...

7.4AI score
Exploits0
Rows per page
Query Builder