CVE-2024-12776

In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...

CVE-2024-32735 CyberPower PowerPanel Enterprise Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

CVE-2014-3650

Multiple persistent cross-site scripting XSS flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input...

CVE-2021-44096

EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...

CVE-2021-44095

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database...

Sql injection

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

Sql injection

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

Joomla JCalPro Calendar 4.3.26 SQL Injection

Exploit Title : Joomla JCalPro Calendar Components 4.3.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlashack.com anything-digital.com Software Download Link : joomlashack.com/joomla-extensions/jcal/ Software...

WordPress Top-10 Plugin SQL Injection Vulnerability

WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Top-10 is one of the plug-ins that calculates the number of daily visits and total number of visits to each post and...

PHP Address Book SQL Injection Vulnerability (CNVD-2015-00124)

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A SQL injection vulnerability exists in PHP Address Book, which allows attackers to exploit the vulnerability to compromise an application, access or modify...

OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection

source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

Systeme de vote pour site Web 1.0 Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/25335/info 'Systeme de vote pour site Web' is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromis...

IDevSpot iSupport 1.8 Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19964/info IDevSupport iSupport is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and...

Premod SubDog 2 includes/logger_engine.php phpbb_root_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...

NPDS Versions Prior to 08.06 Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/33051/info NPDS is prone to multiple input-validation vulnerabilities: - Multiple local file-include vulnerabilities - An HTML-injection vulnerability - Multiple SQL-injection vulnerabilities - Multiple cross-site scripti...

Actionpoll 1.1 Actionpoll.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23504/info Actionpoll is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...

XAMPP 1.6.x 'showcode.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37999/info XAMPP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this vulnerability to obtain potentially sensitive information an...

Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26041/info Scott Manktelow Design Stride 1.0 Content Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting th...

bcoos 1.0.10 /myalbum/ratephoto.php lid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/26629/info The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. These...

Magic Photo Storage Website user/user_extend.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...