27 matches found
EUVD-2018-4610
Malware in sbrugna...
CuteFlow Security Vulnerability
CuteFlow is a web-based document flow and workflow tool from CuteFlow, Inc. A security vulnerability exists in CuteFlow 2.11.2 and earlier versions. It stems from the restartcirculationvalueswrite.php script, which does not validate the file type; this could lead to arbitrary file uploads and...
CVE-2024-41785
| creation timestamp | type | source |
|---|---|---|
| 2024-11-15 14:48:18+00:00 | seen | https://infosec.exchange/users/cve/statuses/113487518002577801 |
| 2024-11-15 16:36:37+00:00 | seen | https://t.me/cvedetector/11079... |
Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported th...
CVE-2024-24336
Multiple cross-site scripting (XSS) vulnerabilities in the '/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allow malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...
burnToMint and burnOrSwapExternalToMint allow bypass of the periodic sales timer.
Lines of code Vulnerability details Description Sales Mode 3 is when the contract allows only one mint per period of time. However, burnToMint and burnOrSwapExternalToMint allow a user to bypass this restriction, since these functions do not perform the periodic sales check. This can be a problem since...
Loss of tokens because target address can be set to zero
Lines of code Vulnerability details Impact Because the target address can be zero, tokens transferred to the zero address are lost forever, leading to a loss of funds for users of the protocol, and those tokens are permanently out of circulation (effectively burned). Proof of Concept Users can...
CVE-2023-40970
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loanrules.php...
CVE-2023-40970
CVE-2023-40970 affects Senayan Library Management Systems SLIMS 9 Bulian v9.6.1. The vulnerability is a SQL Injection in the endpoint admin/modules/circulation/loan_rules.php caused by unsanitized input. Documented impact is high (CVSS v3.1: 8.8; Confidentiality/Integrity/Availability all HIGH). ...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Senayan Library Management Systems SLIMS 9 Bulian v9.6.1, which stems from its susceptibility to SQL injection...
GHSA-WMPV-C2JP-J2XG ERC1155Supply vulnerability in OpenZeppelin Contracts
When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of...
Human Resources Information Technology (eHR) Management Platform suffers from SQL Injection Vulnerability
hereinafter referred to as the same share software, focuses on the research, development and servicing of a full range of management software for the manufacturing industry, the commercial circulation industry, government departments, and enterprises and institutions, with the domestic industry's well-kno...
CVE-2019-1010034
Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" defined at databasecode.php line 1018 is vulnerable to a boolean-based blind SQL injection. This function call can be triggered by...
Slims CMS Senayan Library Management System 7.0 Shell Upload
Exploit Title : Slims CMS Senayan Library Management System 7.0 Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Team Date : 13/02/2019 Vendor Homepage : slims.web.id Software Download Link : github.com/slims/...
SLiMS 8 Akasia Circulation Module Cross-Site Scripting Vulnerability
SLiMS 8 Akasia is an open source, free library management system. The Circulation module is one of its modules. A cross-site scripting vulnerability exists in the Circulation module in SLiMS 8 Akasia version 8.3.1. A remote attacker can exploit this vulnerability to obtain an administrator...
Cross-site scripting
Reflected cross-site scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loanrules.php?keywords= URI, a related issue to CVE-2017-7242...
CVE-2018-12655
Reflected cross-site scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loanrules.php?keywords= URI, a related issue to CVE-2017-7242...