CVE-2023-1857
CVE-2023-1857 impacts SourceCodester Online Computer and Laptop Store 1.0. The vulnerability is a cross-site scripting flaw in the admin file for managing products, specifically /admin/?page=product/manage_product&id=2, where manipulating the Product Name parameter (due to insufficient input filt...
SourceCodester Online Computer and Laptop Store Cross-Site Scripting Vulnerability
Online Computer and Laptop Store is an online computer and laptop store application by individual developer Carlo Montero. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in...
CVE-2023-1826 SourceCodester Online Computer and Laptop Store index.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\systeminfo\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the atta...
CVE-2023-1826
CVE-2023-1826 concerns SourceCodester Online Computer and Laptop Store 1.0. The vulnerability affects an unknown portion of php-ocls\admin\system_info\index.php where the attacker can manipulate the non-sanitized img parameter to upload arbitrary files, enabling remote code execution. Public writ...
Online Computer and Laptop Store Code Issue Vulnerability
Online Computer and Laptop Store is an online computer and laptop store application by individual developer Carlo Montero. Online Computer and Laptop Store v1.0 is vulnerable to arbitrary file uploads. The vulnerability stems from a lack of validation of uploaded files in the...
CVE-2023-1765
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2...
CVE-2023-1766
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Akbim Computer Panon allows Reflected XSS. This issue affects Panon: before 1.0.2...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Akbim Computer Panon allows Reflected XSS. This issue affects Panon: before 1.0.2...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2...
CVE-2023-1766 XSS in Panon
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Akbim Computer Panon allows Reflected XSS. This issue affects Panon: before 1.0.2...
CVE-2023-1766
The CVE-2023-1766 entry concerns Akbim Computer Panon with a reflected XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are Panon before 1.0.2. The vulnerability could allow an attacker to execute script in a victim’s browser in contexts w...
CVE-2023-1765 SQLi in Panon
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2...
CVE-2023-1765
CVE-2023-1765 affects Panon (Akbim Computer Panon) with an SQL injection vulnerability due to improper neutralization of a special element in SQL commands; affected versions are before 1.0.2. The CVSS 3.1 base score is 9.8 (CRITICAL) with Network attack vector, no privileges required, user intera...
UK Runs Fake DDoS-for-Hire Sites
Brian Krebs is reporting that the UK's National Crime Agency is setting up fake DDoS-for-hire sites as part of a sting operation: The NCA says all of its fake so-called "booter" or "stresser" sites - which have so far been accessed by several thousand people - have been created to look like they...
MAL-2023-607 Malicious code in mobilecoin-wallet (npm)
Source: ghsa-malware (4739ef2ec2f66acd195041b4cc6c271f5158fb855ec4319ae141dc9e86b95d31). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-653 Malicious code in omnigodz_testpkg (npm)
Source: ghsa-malware (b71e35f587d48902bd1b3b26de78a66c82c7f28faf7e7d339b607497d40cc318). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-470 Malicious code in gd-login (npm)
Source: ghsa-malware (190b8c40ae199e301f0ec2e1364caac0d49271c7fd8cc7ea7192502f06e2945c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gd-apply (npm)
Source: ghsa-malware (28fa196d02660fc75efc9c71f8cf8ee2ddc35286c432de6b7aa4f801a00a0013). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...