1447 matches found
Shopping Portal ProVersion 3.0 - Authentication Bypass
Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
Design/Logic Flaw
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
CVE-2019-19813
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in mutexlock in kernel/locking/mutex.c. This is related to mutexcanspinonowner in kernel/locking/mutex.c, btrfsqgroupfreemeta in...
CVE-2019-2195
In tokenize of sqlite3android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
tcpdump buffer overflow vulnerability (CNVD-2019-40789)
tcpdump is a set of sniffing tools from Tcpdump team running under command line. The tool is mainly used for packet analysis and network traffic capture etc. The 'rxcachefind' and 'rxcacheinsert' functions in the print-rx.c file of the Rx parser in versions of tcpdump prior to 4.9.3 have a buffer...
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...
Sql injection
Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...
Oracle Database Server Core RDBMS Component Input Validation Error Vulnerability
Oracle Database Server is a set of relational database management system of Oracle Oracle. The database management system provides data management, distributed processing and other functions.Core RDBMS is one of the relational database core components. An input validation error vulnerability exis...
UBUNTU-CVE-2018-14466
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rxcachefind and rxcacheinsert...
WordPress insert-php plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress insert-php plugin versions prior to 2.2.8. The...
CVE-2019-16289
The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...
Design/Logic Flaw
The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...
CVE-2019-16289
CVE-2019-16289 concerns the WordPress plugin insert-php (Woody ad snippets) , affected versions prior to 2.2.8. The vulnerability allows authenticated Cross-Site Scripting (XSS) through the winp_item parameter . Red Hat and CVE listings consistently describe the issue as an authenticated XSS flaw...
CVE-2019-16289
The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...
CVE-2019-15029
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the serviceedit.php file which will insert the malicious command into the database. To trigger the command, one needs to call the services.php file via a GET request with the service id...
CVE-2017-18586
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...
Directory traversal
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...