6678 matches found
Remote code execution
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
classroom-engagement-system SQL注入漏洞
classroom-engagement-system is a classroom engagement system by the individual developer Alexander Harding. A SQL injection vulnerability exists in classroom-engagement-system, which stems from a problem with some unknown functionality that can lead to sql injection...
CVE-2015-10036
A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this...
GIGABYTE XTREME GAMING ENGINE < 1.26 Multiple Vulnerabilities
The version of GIGABYTE XTREME GAMING ENGINE installed on the remote host is prior to 1.26. It is, therefore, affected by multiple vulnerabilities as referenced in GIGABYTE security advisory 1801: - The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE befor...
PT-2023-10215 · Dronfelipe +1 · Dronfelipe
Name of the Vulnerable Software and Affected Versions: kylebebak dronfelipe affected versions not specified Description: A critical issue has been identified, affecting an unknown functionality, which can be manipulated to lead to sql injection. Recommendations: Apply the patch...
CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection
Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...
CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
Important: Red Hat Security Advisory: xorg-x11-server security update
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-1092)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-125062
A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is...
GHSA-F259-H6M8-HM8M exec-local-bin vulnerable to Command Injection
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...
CVE-2022-25923
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...
IDOR allowing to see other users' entries
Description The exporting entry functionality is vulnerable to an IDOR attack. Proof of Concept 1. Create a new entry as an existing user. Let's say the entry's id is 1. 1. Create a new user and login as them. 1. Go to http://localhost:8000/export/1.txt...
NeoXplora 跨站脚本漏洞
NeoXplora is an application by kkokko Personal Developer. NeoXplora suffers from a cross-site scripting vulnerability that stems from some unknown functionality of the component Trainer Handler, which leads to cross-site scripting...
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...
ISC BIND DoS Vulnerability (CVE-2014-8680) - Windows
ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2022-46584
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%dvap%d.maclist parameter in the kickbanwifimacdeny sub415D7C function...
privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality
Description Due to the privilege escalation issue Low access user can view Admin PRIVATE POST by abusing PIN functionality. PIN functionality is used to pin any post in TOP , by using the Low user Attacker can View the other & high privilege user PRIVATE POST , as per the flow its not PINNING any...
PT-2022-28118 · Hotcrp · Hotcrp
Name of the Vulnerable Software and Affected Versions: HotCRP affected versions not specified Description: A vulnerability was found in HotCRP, rated as problematic. It affects some unknown functionality and leads to cross-site scripting. The attack can be launched remotely. Recommendations: To f...