17 matches found
CVE-2021-31703
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user...
CVE-2024-46336
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /clientuser/feedback.php...
EUVD-2024-55094
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /clientuser/feedback.php...
CVE-2024-46336
CVE-2024-46336 affects Kashipara School Management System 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw in /client_user/feedback.php caused by an unvalidated parameter. The issue is documented across Red Hat, NVD, CNNVD and CVE listings with a CVSS v3.1 base score of 6.1 (Medium). N...
EUVD-2022-39674
Malicious code in bioql PyPI...
CVE-2022-37017
Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...
CVE-2024-4725
A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientuser. The manipulation of the argument fname leads to cross site scripting. The attack can be launched...
CVE-2024-1329 Nomad Vulnerable to Arbitrary Write Through Symlink Attack
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...
SAP CRM Cross-Site Scripting Vulnerability
SAP CRM is a customer relationship management system from SAP, a German company. A cross-site scripting vulnerability exists in the SAP CRM WebClient UI that stems from inadequate encoding of user-controlled input. An attacker exploiting the vulnerability could read and modify some sensitive...
CVE-2022-34278
creationtimestamp | type | source
---|---|---
2022-07-12 14:20:13+00:00 | seen | https://t.me/cibsecurity/45971...
Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2022-50947)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...
Code injection
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user...
Client Management System 1.0 - 'searchdata' SQL injection
Exploit Title: Client Management System 1.0 - 'searchdata' SQL injection
Date: 26/10/2020
Exploit Author: Serkan Sancar
Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/
Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841
Version: 1.0
Teste...
Mobiketa 3.5 - SQL Injection
Mobiketa 3.5 - SQL Injection
Exploit Title: Mobiketa - Complete Mobile Marketing v3.5 Script - SQL Injection
Google Dork: N/A
Date: 09.02.2017
Vendor Homepage: http://ynetinteractive.com/
Software Buy:...
Remote command execution in Ruby Gem Command Wrap
Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/commandwrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the...
CA ARCServe Backup for Laptops and Desktops LGServer Service Code Execution (CVE-2008-1328)
Computer Associates ARCserve Backup for Laptops and Desktops provides backup and data recovery for remote, mobile, and desktop computers. In general, a backup system is comprised of a server and multiple clients, also known as agents. The server establishes, organizes, and controls all of the...
Design/Logic Flaw
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a prox...