Doctors Appointment System SQL注入漏洞

SourceCodester Doctor Appointment System is an application from SourceCodester USA. It provides an appointment scheduling feature. A SQL injection vulnerability exists in SourceCodester Doctors Appointment System version 1.0, which originates from a security issue in the file create-account.php...

CVE-2023-24656

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function...

PT-2023-19729 · Unknown · Simple Customer Relationship Management System

Name of the Vulnerable Software and Affected Versions: Simple Customer Relationship Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the subject parameter under the Create Ticket function. Recommendations: Fo...

CVE-2023-24652

CVE-2023-24652 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection vulnerability in the Description parameter of the Create ticket function, potentially allowing unauthorized data access/modification. According to the cited metrics, impact is High (C, I, A = ...

CVE-2023-24652

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function...

CVE-2023-24656

CVE-2023-24656 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via the subject parameter in the Create Ticket function, caused by unsanitized input. CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, LOW privileges,...

PT-2023-16725 · Sourcecodester · Sourcecodester Doctors Appointment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Doctors Appointment System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Doctors Appointment System. This issue affects the file create-account.php and is related to the manipulation of...

CVE-2023-0481

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

K55580033: iControl REST vulnerability CVE-2022-35728

Security Advisory Description An authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. CVE-2022-35728 Impact A remote unauthenticated attacker may be able to reuse, for a limited time, an authenticated user's iControl REST...

K98201023: PostgreSQL vulnerability CVE-2018-16850

Security Advisory Description postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

SUSE CVE-2005-0244

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

SUSE CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, onexit, and exit...

SUSE CVE-2005-0750

The bluezsockcreate function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via 1 socket or 2 socketpair call with a negative protocol value...

SUSE CVE-2005-1263

The elfcoredump function in binfmtelf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the createelftables function, causes a negative length argument to pass ...

SUSE CVE-2006-2426

Sun Java Runtime Environment JRE 1.5.06 and earlier, JDK 1.5.06 and earlier, and SDK 1.5.06 and earlier allows remote attackers to cause a denial of service disk consumption by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory...

SUSE CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be...

SUSE CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

SUSE CVE-2007-3781

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...

SUSE CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

SUSE CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...