162 matches found
PT-2024-19584 · Unknown · Boyiddha Automated-Mess-Management-System
Name of the Vulnerable Software and Affected Versions: boyiddha Automated-Mess-Management-System version 1.0 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /member/member edit.php. The manipulation of the name argument leads to...
PT-2024-18890 · Unknown · Sourcecodester Online Mobile Management Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Mobile Management Store version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/login.php. The manipulation of the username argument leads to SQL injection. The attack can be...
PT-2024-2012 · Dell · Idrac8
Name of the Vulnerable Software and Affected Versions: Dell Integrated Remote Access Controller 8 iDRAC8 affected versions not specified Description: A command injection vulnerability exists in local RACADM, which is related to incorrect input validation. This issue can be exploited by a maliciou...
PT-2024-18462 · Unknown · Sourcecodester Online Job Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Job Portal version 1.0 Description: A vulnerability was found in the SourceCodester Online Job Portal, affecting some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the Address argument...
PT-2024-20239 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to pass specially crafted offset, limit, and sort parameters to perform SQL injection via the "/novel/userFeedback/list" API endpoint...
PT-2024-17654 · Jspxcms · Jspxcms
Name of the Vulnerable Software and Affected Versions: Jspxcms version 10.2.0 Description: A vulnerability was found in the processing of the file /ext/collect/filter text.do, which leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
PT-2024-15781 · Unknown · Code-Projects Social Networking Site
Name of the Vulnerable Software and Affected Versions: code-projects Social Networking Site version 1.0 Description: A vulnerability was found in the code-projects Social Networking Site, affecting some unknown functionality of the file message.php of the component Message Page. The manipulation ...
PT-2024-12509 · Gtkwave · Gtkwave
Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a maliciou...
PT-2024-15232 · Unknown · Uniway Router
Name of the Vulnerable Software and Affected Versions: Uniway Router versions up to 2.0 Description: A critical issue affects some unknown functionality of the file /boaform/device reset.cgi of the component Device Reset Handler, leading to denial of service. The attack may be launched remotely...
PT-2023-27969 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.3 Description: The issue is an SSTI injection vulnerability that allows remote attackers to execute arbitrary code via a crafted HTTP request to the "/jmreport/loadTableData" component. This enables attackers to...
PT-2023-28112 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774 Description: The issue affects Pandora FMS, allowing Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Malicious code could be executed in the File Manager sectio...
PT-2023-30283
Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9 Description A remote code execution RCE issue was discovered in SeaCMS via the component /augap/adminip.php. This allows for potential code execution by remote attackers. Recommendations For SeaCMS version 12.9, consider...
PT-2023-32913 · Sourcecodester · Sourcecodester Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Free and Open Source Inventory Management System version 1.0 Description: A critical issue affects the processing of the file /app/ajax/sell return data.php. The manipulation of the argument columns0data leads to sql injection...
PT-2023-13730 · Nokia · Nokia Nfm-T
Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An OS Command Injection issue occurs in the /cgi-bin/R19.9/log.pl endpoint of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands with root privileges...
PT-2023-8533 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version 9.3.5u.6146 B20201023 Description: The issue concerns the NTPSyncWithHost function in the cstecgi.cgi file of the TOTOLINK EX1200L router's firmware. It allows for arbitrary command execution due to the lack of proper...
PT-2023-32861 · Code Projects · Point Of Sales/Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Point of Sales and Inventory Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic. It affects some unknown functionality of the file /main/checkout.php. The manipulation o...
PT-2023-28004 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.1.14 Description: A Cross Site Scripting XSS issue was found in the /admin/store.php component. Recommendations: For Emlog Pro version 2.1.14, consider disabling access to the /admin/store.php component until a patch is...
PT-2023-32715 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: Typecho version 1.2.1 Description: A vulnerability has been found in the Logo Handler component of Typecho, affecting an unknown function of the file /admin/options-theme.php. This issue leads to cross site scripting and can be exploited...
PT-2023-32649 · Unknown · Voovi Social Networking Script
Name of the Vulnerable Software and Affected Versions: Voovi Social Networking Script version 1.0 Description: A SQL injection vulnerability has been reported, affecting the videos.php endpoint in the id parameter. This could allow a remote attacker to send a specially crafted SQL query to the...
PT-2023-32653 · Unknown · Bigprof Online Clinic Management System
Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the /clinic/events view.php...