Phpgurukul Cyber Cafe Management System Security Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the username parameter of the add-users.php endpoint not adequately validating user input; no details of the vulnerability are available at...
CVE-2025-40702
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2024-20473
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
Command Injection
gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused by inadequate input validation during the previewing of changes, allowing an attacker to inject arbitrary commands...
PT-2024-13008 · Kiloview · P1/P2 +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The system is exposed to potential remote code execution risks due to inadequate input validation. Attackers can exploit this by appending shell commands to the Speed-Measurement featur...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from inadequate input validation, which can lead to a SQL injection vulnerability at the Tree data entry point...
Cross Site Scripting (XSS)
phpxmlrpc/extras is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to inadequate input validation within the documentingxmlrpcserver class when processing the GET methodName parameter, which allows attackers to execute malicious scripts in the context of the user's browser,...
Prototype Pollution
@apidevtools/json-schema-ref-parser is vulnerable to Prototype Pollution. The vulnerability is due to inadequate input validation in the bundle, parse, resolve, and dereference functions, allowing a remote attacker to execute arbitrary code...
Local File Inclusion (LFI)
gregwar/rst is vulnerable to Local File Inclusion LFI. The vulnerability is due to inadequate input validation, allowing an attacker to manipulate file paths to read arbitrary files...
Denial Of Service (DoS)
ryu is vulnerable to Denial of service. The vulnerability is due to inadequate input validation when the length=0 within the OFPHello function in parser.py, which results in an infinite loop...
Buffer Overflow
GifLib Project GifLib v.5.2.1 is vulnerable to a Buffer Overflow Vulnerability. The vulnerability is due to inadequate input validation in the DumpScreen2RGB function within gif2rgb.c, which could be exploited by a local attacker to access sensitive information...
CVE-2023-4667 Stored Cross Site Scripting in webserver administration
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate...
CVE-2022-29167
A regular expression denial of service ReDoS was found in Hawk in its header parsing functionality. The issue arises from inadequate input validation in the Hawk.utils.parseHost function when processing untrusted input with regular expressions. This flaw allows an attacker to send a specially...
Cisco Prime Access Registrar Cross-Site Scripting Vulnerability
Cisco Prime Access Registrar (CPAR) is 3GPP-compliant AAA server software from Cisco USA. It is used to provide scalability. A cross-site scripting vulnerability exists in Cisco Prime Access Registrar that stems from inadequate validation of user-supplied input in the web-based management...
PT-2019-19182 · Apple · Itunes
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A denial of service issue exists due to inadequate input validation, allowing attackers to cause a denial of service. Recommendations: At the moment, there is no information about a...
Security Bulletin: IBM MQ Console has inadequate input validation (CVE-2018-1836)
Summary The IBM MQ console has inadequate input validation in one of its forms that could allow an attacker to inject unintended data into fields. Vulnerability Details CVEID: CVE-2018-1836 DESCRIPTION: IBM MQ Console is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Fortinet Single Sign On Hello Message Multiple Vulnerabilities (CVE-2015-2281)
Multiple vulnerabilities exist in Fortinet Single Sign On (FSSO). The vulnerabilities are due to a lack of adequate validation of user-supplied input when processing HELLO messages. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a specially crafted HELLO message ...
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain privileged system information. Description The Beck IPC@CHIP is a single-chip embedded webserver. The Beck IPC@CHIP ships with a CGI script named "ChipCfg". Using a specially crafted URL, an attacker can...