152 matches found
CVE-2022-31457
RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/...
CVE-2022-31457
RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/...
Directory traversal
RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/...
PT-2023-13040 · Rtx Trap · Rtx Trap
Name of the Vulnerable Software and Affected Versions: RTX TRAP version 1.0 Description: The issue allows attackers to perform a directory traversal via a crafted request sent to the endpoint "/data/". Recommendations: For RTX TRAP version 1.0, as a temporary workaround, consider restricting acce...
RTX 路径遍历漏洞
RTX is RTXteam's prototype translation reasoning tool. A security vulnerability exists in the RTX TRAP v1.0 release. An attacker can perform a directory traversal attack by sending a specially crafted request to the /data/ endpoint...
PT-2023-24194 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...
PT-2023-20867 · Unknown · Sourcecodester Online Exam System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0 Description: A critical issue has been found in the SourceCodester Online Exam System, affecting the POST Parameter Handler component in the /kelas/data file. The manipulation of the columns1data...
Online Exam System SQL注入漏洞
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /jurusan/data of the component POST Parameter Handler, where manipulation of the paramete...
Online Exam System SQL注入漏洞
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /kelas/data in the component POST Parameter Handler, where manipulation of the parameter...
Online Exam System SQL注入漏洞
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /dosen/data of the component POST Parameter Handler, where manipulation of the parameter...
PT-2023-15568 · Unknown · Tramyardg Hotel-Mgmt-System
Name of the Vulnerable Software and Affected Versions: Tramyardg hotel-mgmt-system version 2022.4 Description: The issue concerns SQL Injection, which can be exploited via the /app/dao/CustomerDAO.php endpoint. This allows for potential unauthorized access or manipulation of data. No information ...
CVE-2021-37791
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin...
MyAdmin 安全漏洞
MyAdmin is a backend management system for cdfan personal developers. A security vulnerability exists in MyAdmin v1.0, which stems from an incorrect access control vulnerability when viewing the Personal Center in /api/user/userData?userCode=admin...
PT-2022-17937
Name of the Vulnerable Software and Affected Versions Maccms version 10 Description The issue is related to multiple reflected cross-site scripting XSS vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the select and input parameters...
BMC Community Track-It! 授权问题漏洞
BMC Community Track-It! is an It helpdesk software from BMC Community USA. It is used for help desks and helpdesks with asset management. An authorization issue vulnerability exists in BMC Community Track-It! that originates in the GetData endpoint. The issue is caused due to a lack of...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...
U.S. Dept Of Defense: System Error Reveals SQL Information
Hello, While testing your program i came across an endpoint that is leaking sql errors and queries from on of your websites. I use the following google dork to detect this: site:████████ "sql error" Endpoints leaking data: https://www.██████/██████████ https://www.███████/███ Some of the errors...
MunkiReport SQL Injection Vulnerability
Munkireport is a reporting client for munki. A SQL injection vulnerability exists in app/models/tablequery.php in Munkireport versions prior to 5.3.0. An attacker can exploit this vulnerability to inject arbitrary SQL into webquery via the /datatables/data endpoint...
CVE-2020-10190
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint...
Sql injection
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint...