24 matches found
EUVD-2022-5645
Malicious code in bioql PyPI...
EUVD-2023-0921
Malicious code in bioql PyPI...
Code-Projects Simple Car Rental System Injection Vulnerability
Code-Projects Simple Car Rental System is an open source car rental software from Code-Projects. An injection vulnerability exists in Code-Projects Simple Car Rental System version 1.0, which stems from incorrect manipulation of the parameters fname, idno, gender, email, phone, and location can...
PT-2024-17147 · Unknown · Code-Projects Simple Car Rental System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Car Rental System version 1.0. Description: A critical issue has been found in the code-projects Simple Car Rental System. The problem is related to an unknown function of the file /book car.php, where the manipulation of...
CVE-2021-36398
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...
CVE-2022-37794
In Library Management System 1.0 the /card/in-card.php file idno parameters are vulnerable to SQL injection...
GHSA-H7H6-FWPV-GGVX Moodle contains Stored XSS via ID number user profile field
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
CVE-2021-20279
A flaw was found in moodle. The ID number user profile field requires additional sanitizing to prevent a stored XSS risk. Mitigation: Disable the ID number field by unchecking it in Site admin > Users > User policies > Show user identity, until the patch has been applied...
CVE-2021-36718 SYNEL - eharmonynew / Synel Reports version 8.0.2 Default credentials, Security miscommunication, Sensitive data exposure
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of the eharmony system with sensitive data (employee name, employee ID number, working hours, etc.). The vulnerability has been addressed and fixed in version 11. Default credentials,...
CVE-2021-28952
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. This has been fixed in 5.12-rc4...
OwnCloud Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-18359)
OwnCloud is a personal cloud storage solution from OwnCloud, an American company. A privilege permission and access control issue vulnerability exists in OwnCloud Server, which can be exploited by an attacker to access any version of any file by sending a request with a...
PT-2021-13871 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: moodle versions prior to 3.10.2; moodle versions prior to 3.9.5; moodle versions prior to 3.8.8; moodle versions prior to 3.5.17. Description: The ID number user profile field required additional sanitizing to prevent a stored XSS risk...
CVE-2020-36252
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number...
U.S. Dept Of Defense: Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password
Summary: I was able to crack the password to the ████████ located at ██████, as the PDF was protected with a weak password contained in a common word list. This guide contains steps to set up the ███████ secure communication application with the unprotected configuration file located at ██████████...
CVE-2017-14766
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fnssraddstsubmit function and fnssrdelstsubmit function in functions.php only require knowing the student id number...
Cross-Site Scripting (XSS)
Moodle is susceptible to cross-site scripting (XSS) attacks. The attacks are possible because the idnumber field used in the administration of cohorts is not properly escaped. The issue is due to an incorrect fix for CVE-2012-2365...
CVE-2016-9285
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...
Are fast payment and some credit card functions flawed? Knowing the bank card number and expiration date is enough to make purchases - vulnerability warning - the black bar safety net
Someone once disclosed that knowing just a credit card's number and expiration date is enough to make any purchase on some websites, while the fast pay features launched by payment products such as Tenpay and Alipay only require a bank card number, ID number, name, and phone number to open fast...
Kyocera Mita Scanner File Utility 3.3.0.1 File Transfer Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30855/info Kyocera Mita Scanner File Utility is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to create and overwrite arbitrary...
2DayBiz Matrimonial Script SQL Injection and Cross Site Scripting
No description provided by source. 2daybiz Matrimonial Script SQL Injection and Cross Site Scripting Vulnerabilities. Author: Sangteamtham. Home: Hcegroup.net. Download:...