11 matches found
EUVD-2023-0385
Malicious code in bioql PyPI...
WordPress plugin Quiz Maker Business, Developer, and Agency Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Insurance Management System Security Vulnerability
Insurance Management System is an insurance management system by the individual developer Angel Jude Reyes Suarez. A security vulnerability exists in Insurance Management System version 1.0, which stems from the manipulation of the parameter CLIENT ID in the file addClient.php that can lead to...
CVE-2024-22718
CVE-2024-22718 is an XSS in Form Tools 3.1.1 via the client_id parameter in the application URL. Multiple sources (NVD/Red Hat/CNNVD/CVELIST) confirm a high-severity vulnerability with CVSS v3.1: base score 9.6 (CRITICAL, AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The Red Hat entry and other issuances...
PT-2024-19537 · Unknown · Form Tools
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A Cross Site Scripting XSS issue allows attackers to run arbitrary code via the client id parameter in the application URL. This enables attackers to potentially execute malicious scripts on the...
SUSE CVE-2023-0290
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...
CVE-2023-0290 Rapid7 Velociraptor directory traversal in client ID parameter
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...
CVE-2022-29999
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?clientid=...
PT-2022-19958 · Unknown · Insurance Management System
Name of the Vulnerable Software and Affected Versions: Insurance Management System version 1.0 Description: The issue allows for SQL Injection via the "/insurance/editClient.php" endpoint, specifically through the client id variable. This could potentially lead to unauthorized access or...
Accellion File Transfer Appliance SQL Injection Vulnerability
Accellion File Transfer Appliance (FTA) is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A SQL injection vulnerability exists in the Accellion FTA home/seos/courier/securitykey2.api file in versions...
CVE-2016-2351
SQL injection vulnerability in home/seos/courier/securitykey2.api on the Accellion File Transfer Appliance FTA before FTA91240 allows remote attackers to execute arbitrary SQL commands via the clientid parameter...