194 matches found
CVE-2024-12776
In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...
CVE-2024-32735 CyberPower PowerPanel Enterprise Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
CVE-2014-3650
Multiple persistent cross-site scripting XSS flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input...
CVE-2021-44096
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...
CVE-2021-44095
A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database...
Sql injection
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
Sql injection
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
Joomla JCalPro Calendar 4.3.26 SQL Injection
Exploit Title : Joomla JCalPro Calendar Components 4.3.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlashack.com anything-digital.com Software Download Link : joomlashack.com/joomla-extensions/jcal/ Software...
WordPress Top-10 Plugin SQL Injection Vulnerability
WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Top-10 is one of the plug-ins that calculates the number of daily visits and total number of visits to each post and...
PHP Address Book SQL Injection Vulnerability (CNVD-2015-00124)
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A SQL injection vulnerability exists in PHP Address Book, which allows attackers to exploit the vulnerability to compromise an application, access or modify...
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
IDevSpot iSupport 1.8 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19964/info IDevSupport iSupport is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and...
Premod SubDog 2 includes/logger_engine.php phpbb_root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...
Actionpoll 1.1 Actionpoll.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23504/info Actionpoll is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...
XAMPP 1.6.x 'showcode.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37999/info XAMPP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this vulnerability to obtain potentially sensitive information an...
Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26041/info Scott Manktelow Design Stride 1.0 Content Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting th...
bcoos 1.0.10 /myalbum/ratephoto.php lid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/26629/info The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. These...
Magic Photo Storage Website user/user_extend.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Uni-vert PhpLeague 0.82 Joueurs.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19880/info Uni-vert PhpLeague is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. This issue may allow an attacker to compromise the application, access or modify data,...
Full PHP Emlak Script - 'landsee.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30962/info Full PHP Emlak Script is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers may exploit this issue to compromise the application, access or modify data,...