205 matches found
CVE-2023-27213
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php...
CVE-2022-37242
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter...
PT-2022-23886 · Mdaemon Technologies · Mdaemon Technologies Securitygateway For Email Servers
Name of the Vulnerable Software and Affected Versions: MDaemon Technologies SecurityGateway for Email Servers version 8.5.2 Description: The issue concerns HTTP Response splitting, which occurs via the data parameter. This allows for potential manipulation of HTTP responses. Recommendations: For...
Alt-N MDaemon Injection Vulnerability
Alt-N MDaemon is a mail service system from Alt-N Corporation that provides complete mail server functionality, protects users from spam, enables web login to send and receive emails, supports remote management, and protects the system against email viruses when used in conjunction with the MDaem...
CVE-2022-2444
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress
Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...
CVE-2022-30619
Editable SQL queries behind Base64 encoding are sent from the client side to the server side for a particular API used in the legacy Work Center module. The attack is available for any authenticated user, in any kind of rule, under the function: /AgilePointServer/Extension/FetchUsingEncodedData in the...
CVE-2022-31382
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php...
VulnCheck KEV: CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...
GHSA-R68M-WQ3X-2HQW OpenTSDB Cross-site Scripting vulnerability
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter json to the /q URI...
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), which includes the ATP series, VPN series, and the USG FLEX series (including USG20-VPN and USG20W-VPN). The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2022-34641)
Spotweb is a PHP-based Spotnet client from the Spotweb team that follows the Spotnet protocol. Spotweb is vulnerable to cross-site scripting, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the dataperformredirect parameter...
UBUNTU-CVE-2021-43725
There is a Cross Site Scripting (XSS) vulnerability in SpotPagelogin.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the dataperformredirect parameter...
WordPress WP Email Users Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...
CVE-2021-24424
The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Jannah WordPress theme versions prior to...
CVE-2020-23522
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data Password parameter...
CVE-2020-35748
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...
WordPress FV Flowplayer Video Player Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. FV Flowplayer Video Player is a video player plugin used in it. Relevant is a relevant content display plugin used in it. A cross-site...