CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4 allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
PT-2026-20260
Name of the Vulnerable Software and Affected Versions: Jorani versions prior to 1.0.5 Description: A SQL injection issue exists in the alldayoffs feature of the software. An authenticated attacker can execute arbitrary SQL commands through the entity parameter. Recommendations: Update to version 1.0...
PT-2023-6139 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP versions 2.8.0 through 2.9.2 Description: The issue is related to a command injection vulnerability. It allows an authenticated attacker to execute arbitrary OS commands as root via the entity POST parameters in the /ajax/networking/ge...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)
This update for libxml2 fixes the following issues: - Fix NULL dereference in xpointer.c when in recovery mode bsc1014873 - CVE-2016-9597: An XML document with many opening tags could have caused an overflow of the stack not detected by the recursion limits, allowing for DoS bsc1017497 -...
Apple Mac OS X 'entity' Parameter Cross-Site Scripting Vulnerability
Apple Mac OS X is a commercial operating system. A cross-site scripting vulnerability exists in the Apple Mac OS X 'entity' parameter. Because the program fails to properly filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary script code in the browser of a...
PT-2014-5659 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the entity parameter in an update action to "user/fiche.php" or the sortorder parameter to...