21 matches found
EUVD-2009-2588
Malware in sbrugna...
EUVD-2008-1496
Malware in sbrugna...
EUVD-2009-4561
Malware in sbrugna...
EUVD-2009-4562
Malware in sbrugna...
CVE-2025-11038
A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available t...
PT-2025-39679
Name of the Vulnerable Software and Affected Versions itsourcecode Online Clinic Management System version 1.0 Description A flaw exists in itsourcecode Online Clinic Management System version 1.0. The issue involves the potential for SQL injection through manipulation of the ID argument in a...
PT-2025-37006
Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.28 Description: The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to unauthorized data access. This is due to the absence of a capabili...
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' via the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS action...
WordPress SQL注入漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.The WordPress WP Visitor Statistics plugin has a SQL injection vulnerability in versions prior to 4.8. The...
Sql injection
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
Sql injection
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow 1 remote authenticated users to execute arbitrary SQL commands via the userid parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the 2 user username and 3 pass passwor...
CVE-2009-4596
Cross-site scripting XSS vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the supid parameter in a suppliers details action...
Sql injection
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action...
Cross site scripting
Cross-site scripting XSS vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action...
CVE-2009-2594
Cross-site scripting XSS vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action...
CVE-2009-2593
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action...
CVE-2009-2594
CVE-2009-2594 is an XSS vulnerability in censura.php (Censura 1.16.04) that lets remote attackers inject arbitrary web script or HTML via the itemid parameter in a details action. Affected component: censura.php in Censura 1.16.04. Root cause/attack method not explicitly detailed beyond XSS. Impa...
CVE-2008-4349
Multiple cross-site scripting XSS vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 id or 2 page parameter in a details action...
Sql injection
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action...
CVE-2008-1165
Multiple cross-site scripting XSS vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via 1 a forced SQL error message or 2 oldvalue and newvalue database fields in task summaries, related to the itemsummary parameter in a details action...