Lucene search
+L

152 matches found

osv
osv
added 2023/07/25 10:15 p.m.6 views

CVE-2022-31457

RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/...

7.5CVSS5.8AI score0.00916EPSS
Exploits0References1
attackerkb
attackerkb
added 2023/07/25 10:15 p.m.5 views

CVE-2022-31457

RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/...

7.5CVSS7.1AI score0.00916EPSS
Exploits0References3
prion
prion
added 2023/07/25 10:15 p.m.21 views

Directory traversal

RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/...

5CVSS7.4AI score0.00916EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2023/07/25 12:0 a.m.4 views

PT-2023-13040 · Rtx Trap · Rtx Trap

Name of the Vulnerable Software and Affected Versions: RTX TRAP version 1.0 Description: The issue allows attackers to perform a directory traversal via a crafted request sent to the endpoint "/data/". Recommendations: For RTX TRAP version 1.0, as a temporary workaround, consider restricting acce...

7.5CVSS7.5AI score0.00916EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/07/25 12:0 a.m.5 views

RTX 路径遍历漏洞

RTX is RTXteam's prototype translation reasoning tool. A security vulnerability exists in the RTX TRAP v1.0 release. An attacker can perform a directory traversal attack by sending a specially crafted request to the /data/ endpoint...

7.5CVSS7.4AI score0.00916EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/05/30 12:0 a.m.8 views

PT-2023-24194 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...

6.5CVSS6.7AI score0.00626EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2023/05/14 12:0 a.m.6 views

PT-2023-20867 · Unknown · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0 Description: A critical issue has been found in the SourceCodester Online Exam System, affecting the POST Parameter Handler component in the /kelas/data file. The manipulation of the columns1data...

9.8CVSS7AI score0.0082EPSS
Exploits1References5
cnnvd
cnnvd
added 2023/05/14 12:0 a.m.6 views

Online Exam System SQL注入漏洞

Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /jurusan/data of the component POST Parameter Handler, where manipulation of the paramete...

9.8CVSS7AI score0.0082EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/05/14 12:0 a.m.7 views

Online Exam System SQL注入漏洞

Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /kelas/data in the component POST Parameter Handler, where manipulation of the parameter...

9.8CVSS7AI score0.0082EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/05/14 12:0 a.m.21 views

Online Exam System SQL注入漏洞

Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /dosen/data of the component POST Parameter Handler, where manipulation of the parameter...

9.8CVSS7AI score0.0082EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/01/13 12:0 a.m.7 views

PT-2023-15568 · Unknown · Tramyardg Hotel-Mgmt-System

Name of the Vulnerable Software and Affected Versions: Tramyardg hotel-mgmt-system version 2022.4 Description: The issue concerns SQL Injection, which can be exploited via the /app/dao/CustomerDAO.php endpoint. This allows for potential unauthorized access or manipulation of data. No information ...

6.5CVSS7AI score0.0071EPSS
Exploits1References4
osv
osv
added 2022/06/30 4:15 p.m.4 views

CVE-2021-37791

MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin...

4.9CVSS5.8AI score0.00798EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/06/30 12:0 a.m.5 views

MyAdmin 安全漏洞

MyAdmin is a backend management system for cdfan personal developers. A security vulnerability exists in MyAdmin v1.0, which stems from an incorrect access control vulnerability when viewing the Personal Center in /api/user/userData?userCode=admin...

4.9CVSS5.3AI score0.00798EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2022/03/25 12:0 a.m.9 views

PT-2022-17937

Name of the Vulnerable Software and Affected Versions Maccms version 10 Description The issue is related to multiple reflected cross-site scripting XSS vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the select and input parameters...

6.1CVSS5.7AI score0.00557EPSS
Exploits1References5
cnnvd
cnnvd
added 2022/01/06 12:0 a.m.8 views

BMC Community Track-It! 授权问题漏洞

BMC Community Track-It! is an It helpdesk software from BMC Community USA. It is used for help desks and helpdesks with asset management. An authorization issue vulnerability exists in BMC Community Track-It! that originates in the GetData endpoint. The issue is caused due to a lack of...

6.5CVSS5.8AI score0.00757EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/07/22 12:0 a.m.7 views

Open-xchange OX App Suite 跨站脚本漏洞

Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...

6.1CVSS5.9AI score0.00792EPSS
Exploits0References3
hackerone
hackerone
added 2021/07/21 12:57 p.m.31 views

U.S. Dept Of Defense: System Error Reveals SQL Information

Hello, While testing your program i came across an endpoint that is leaking sql errors and queries from on of your websites. I use the following google dork to detect this: site:████████ "sql error" Endpoints leaking data: https://www.██████/██████████ https://www.███████/███ Some of the errors...

1AI score
Exploits0
cnvd
cnvd
added 2020/03/10 12:0 a.m.7 views

MunkiReport SQL Injection Vulnerability

Munkireport is a reporting client for munki. A SQL injection vulnerability exists in app/models/tablequery.php in Munkireport versions prior to 5.3.0. An attacker can exploit this vulnerability to inject arbitrary SQL into webquery via the /datatables/data endpoint...

8.8CVSS8AI score0.01238EPSS
Exploits1References1
nvd
nvd
added 2020/03/09 7:15 p.m.12 views

CVE-2020-10190

An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint...

8.8CVSS9AI score0.01238EPSS
Exploits1References2
prion
prion
added 2020/03/09 7:15 p.m.11 views

Sql injection

An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint...

6.5CVSS8.9AI score0.01238EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder