1427 matches found
Design/Logic Flaw
Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...
CVE-2023-3862
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be...
Cross site scripting
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be...
PT-2023-26534 · Unknown · Travelmate Travelable Trek Management Solution
Name of the Vulnerable Software and Affected Versions: Travelmate Travelable Trek Management Solution version 1.0 Description: A vulnerability was found in the component Comment Box Handler of the Travelmate Travelable Trek Management Solution. The manipulation of the comment argument leads to...
Sql injection
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/syssqlquery.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of...
CVE-2023-3839 DedeBIZ sys_sql_query.php sql injection
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/syssqlquery.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of...
CVE-2023-3839 DedeBIZ sys_sql_query.php sql injection
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/syssqlquery.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of...
Design/Logic Flaw
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. Th...
CVE-2023-3803 Chengdu Flash Flood Disaster Monitoring and Warning System File Name ImageStationDataService.asmx random values
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. Th...
CVE-2023-3763
A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an...
CVE-2023-3763 Intergard SGS SQL Query cleartext transmission
A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an...
CVE-2023-3761
CVE-2023-3761 concerns Intergard SGS 8.7.0, specifically a vulnerability in the Password Change Handler that causes cleartext transmission of sensitive information. Exploitation is network-based and can be attempted remotely, with the attack having high impact on confidentiality and no impact on ...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack i...
CVE-2023-3091 Captura CRYPTBASE.dll uncontrolled search path
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack i...
PT-2023-23040 · Unknown +1 · Cryptbase.Dll +1
Name of the Vulnerable Software and Affected Versions: Captura versions up to 8.0.0 Description: A critical vulnerability was found in Captura, affecting unknown code in the library CRYPTBASE.dll. The manipulation leads to an uncontrolled search path. Attacking locally is a requirement, and the...
CVE-2023-2900
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is...
CVE-2023-1506
A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument UUSERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack...
CVE-2023-1502
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/editcustomer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP5 AND...
Sql injection
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/editcustomer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP5 AND...
CVE-2023-1505 SourceCodester E-Commerce System setDiscount.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND SELECT 8973 FROM...