CVE-2023-49232
CVE-2023-49232 affects Stilog Visual Planning 8. An unauthenticated attacker can bypass authentication by brute-forcing administrative password reset PINs, enabling account access via the Visual Planning app. The vulnerability impacts the password-reset flow and can lead to administrative comprom...
Campcodes Complete Online DJ Booking System SQL Injection Vulnerability
Campcodes Complete Online DJ Booking System is an online DJ booking system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Complete Online DJ Booking System, which originates from a SQL injection vulnerability in the searchdata parameter of the...
CVE-2024-2680
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user/index.php. The manipulation of the argument view leads to cross-site scripting. The attack can be initiated remotely. The explo...
CVE-2024-2672 Campcodes Online Job Finder System controller.php sql injection
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to SQL injection. The attack may be launched remotely. The...
CVE-2024-2672
CVE-2024-2672 affects Campcodes Online Job Finder System 1.0. The Red Hat and vendor records confirm a SQL injection vulnerability in the /admin/user/controller.php file, triggered by manipulating the UESRID parameter. The issue is exploitable remotely and, per disclosures, the exploit is public....
CVE-2024-2671
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The...
PT-2024-21658 · Unknown · Campcodes Complete Online Dj Booking System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online DJ Booking System version 1.0 Description: A critical issue has been found in the processing of the file /admin/user-search.php, where the manipulation of the searchdata argument leads to SQL injection. The attack ca...
Campcodes Online Job Finder System Cross-Site Scripting Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a cross-site scripting vulnerability in the view parameter of the /admin/user/index.ph...
PT-2024-21681 · Unknown · Campcodes Complete Online Dj Booking System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online DJ Booking System version 1.0 Description: A problematic issue was found in the system, affecting some unknown functionality of the file /admin/user-search.php. The manipulation of the searchdata argument leads to...
PT-2024-21483 · Unknown · Campcodes Online Job Finder System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A critical vulnerability was found in the Campcodes Online Job Finder System. The issue affects an unknown functionality of the file /admin/user/index.php. The manipulation of the id...
CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The CompiledRule::validateExpression method evaluates a SpEL expression using a StandardEvaluationContext, allowing the...
CVE-2024-22397
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...
Remote code execution
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
CVE-2024-22397
This CVE affects SonicOS SSLVPN Portal (SonicWall) and is a Stored Cross-Site Scripting flaw. Root cause: improper neutralization of input during web page generation. Impact: an authenticated remote attacker with firewall admin privileges can store and execute arbitrary JavaScript in the context ...
JetBrains TeamCity 2023.05.3 - Remote Code Execution Exploit
Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - Email: email protected - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on: 2023.05.3 -...
CVE-2024-28195 Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify
yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...
BIT-TYPO3-2021-41113
TYPO3 is an open source PHP-based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site request forgery. The impact is the same as...
BIT-NODE-2022-32222
A cryptographic vulnerability exists in Node.js on Linux in versions of 18.x prior to 18.40.0, which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl, as was the case in versions prior to the upgrade to OpenSSL 3...
BIT-MINIO-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...
BIT-ESPOCRM-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...