6047 matches found
CVE-2024-10129
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely...
PT-2024-16050 · Unknown · Hfo4 Shudong-Share
Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share versions up to 2.4.7 Description: A critical vulnerability has been found in HFO4 shudong-share, affecting an unknown part of the file /includes/create share.php of the component Share Handler. The manipulation of the...
shudong-share SQL注入漏洞
shudong-share is a free and open source PHP extranet system by AaronLiu's personal developer. A SQL injection vulnerability exists in shudong-share 2.4.7 and earlier versions, which originates from the parameter fkey in the file /includes/createshare.php of Share Handler, which can lead to SQL...
CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
UBUNTU-CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
WordPress plugin Forminator Forms 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2023-32194
A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the...
CVE-2024-21233
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...
CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system...
PT-2024-39587 · WordPress · The Forminator Forms
Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...
CVE-2024-21251
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net t...
CVE-2024-21233
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...
VulnCheck KEV: CVE-2023-7291
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createmollieaccount function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. This allows attackers to access database contents, create, and read arbitrary files.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to remotely access database contents, create and read arbitrary files by injecting specially...
CVE-2024-9815
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...
CVE-2024-9815 Codezips Tourist Management System create-package.php unrestricted upload
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...
CVE-2024-9815 Codezips Tourist Management System create-package.php unrestricted upload
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...
PT-2024-39860 · Codezips · Codezips Tourist Management System
Name of the Vulnerable Software and Affected Versions: Codezips Tourist Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /admin/create-package.php. The manipulation of the packageimage argument leads to...