1613 matches found
PT-2024-26427 · Unknown · Campcodes Complete Online Student Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online Student Management System version 1.0 Description: A vulnerability was found in the processing of the file courses view.php, where the manipulation of the argument FirstRecord leads to cross-site scripting. The attac...
complete-fs.co.uk Cross Site Scripting vulnerability OBB-3908216
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-30849
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...
PT-2024-26767 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null pointer dereference in the aio complete function. Specifically, list_del_init_careful needs to be the last access to the wait queue entry, as it...
CVE-2024-0609 WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping. Th...
CVE-2024-29185 FreeScout OS Command Injection vulnerability
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an...
CVE-2024-2768
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack...
CVE-2024-2769
CVE-2024-2769 affects Campcodes Complete Online Beauty Parlor Management System 1.0. The vulnerability is a SQL injection in the admin-profile.php file, triggered by manipulating the adminname/email parameter in the /admin/admin-profile.php path. Public exploitation is indicated, with exploit mat...
CVE-2024-2768 Campcodes Complete Online Beauty Parlor Management System edit-services.php sql injection
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack...
CVE-2024-2767
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated...
CVE-2024-2767
CVE-2024-2767 affects Campcodes Complete Online Beauty Parlor Management System 1.0. The vulnerability is a SQL injection in the /admin/forgot-password.php file caused by unsafely manipulating the email parameter. It can be triggered remotely and exploitation has been disclosed publicly. Connecte...
CVE-2024-2766
Campcodes Complete Online Beauty Parlor Management System 1.0 is affected by a SQL injection vulnerability in the /admin/index.php file, caused by unsafely handling the username parameter. The issue can be exploited remotely and has been publicly disclosed. Several connected sources (including Re...
CLSA-2024-1711026811 kernel: Fix of 7 CVEs
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-2023-39197 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-2023-52449 - media: pvrusb2: fix use after free on context disconnection CVE-2023-52445 - net: prevent mss overflow in skbsegment...
CLSA-2024-1711026398 kernel: Fix of 7 CVEs
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-2023-39197 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-2023-52449 - media: pvrusb2: fix use after free on context disconnection CVE-2023-52445 - net: prevent mss overflow in skbsegment...
CVE-2024-2712
A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated...
CampCodes Complete Online Marriage Registration System SQL Injection Vulnerability
CampCodes Complete Online Marriage Registration System is an online marriage registration system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Complete Online Marriage Registration System due to an SQL injection vulnerability in the fromdate parameter of t...
Campcodes Complete Online DJ Booking System SQL Injection Vulnerability
Campcodes Complete Online DJ Booking System is an online DJ booking system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Complete Online DJ Booking System, which originates from a SQL injection vulnerability in the searchdata parameter of the...
PT-2024-21941 · Sourcecodester · Sourcecodester Complete E-Commerce Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Complete E-Commerce Site version 1.0 Description: A critical vulnerability has been found in the SourceCodester Complete E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the...
SourceCodester E-Commerce Site Code Issue Vulnerability
E-Commerce Site is an e-commerce website. A code issue vulnerability exists in SourceCodester Complete E-Commerce Site version 1.0, which stems from a file upload vulnerability in file /admin/usersphoto.php...