13 matches found
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
EUVD-2020-30916
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
PT-2026-5280
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-22039
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function...
FlatPress Security Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version 1.3.1, which stems from an improperly cleaned and escaped TextArea field input in the Add Entry feature. An authenticated attacker can inject malicious...
PT-2025-7772 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress version 1.3.1 Description: A stored Cross-Site Scripting issue was identified within the "Add Entry" feature, allowing authenticated attackers to inject malicious JavaScript payloads into blog posts. This is executed when other user...
SUSE CVE-2015-8928
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file...
PT-2022-35134 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a potential dir corruption in ext4 when the ext4_dx_add_entry function fails. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
DEBIAN-CVE-2015-8928
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file...
MyGuestBK Add.asp Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7211/info It has been reported that MyGuestBK does not sufficiently filter user-supplied URI parameters on the MyGuestBK Information Server 'Add Entry' page. It may be possible for a remote attacker to create a malicious...