1447 matches found
CVE-2023-31942
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php...
CVE-2023-31941
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employeeinsert.php...
Online Travel Agency System Cross-Site Scripting Vulnerability
Online Travel Agency System is an online travel agency system. Online Travel Agency System v1.0 has a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the description parameter of insert.php; an attacker can...
Online Travel Agency System Code Issue Vulnerability
Online Travel Agency System is an online travel agency system by Qaseem Hilal, an individual developer. A security vulnerability exists in Online Travel Agency System version 1.0, which originates from a file upload vulnerability in the file employeeinsert.php. The vulnerability can be exploited ...
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
CVE-2023-39418
CVE-2023-39418 affects PostgreSQL: the MERGE command can bypass row security policies for UPDATE and SELECT, allowing insertion of rows that should be disallowed when policies conflict. Public advisories (Debian, Red Hat, AlmaLinux, Canonical/Ubuntu, Cloud Foundry) confirm a fix is available in p...
WordPress WPCode - Insert Headers and Footers Plugin < 2.0.13.1 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; if(description)...
WordPress WPCode - Insert Headers and Footers Plugin < 2.0.9 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; if(description)...
Use-after-free in `vec_insert_bytes`
Incorrect reallocation logic in the function `vec_insert_bytes` causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on `EncodingWriter` call this function internally. The mail-* suite is unmaintained and the upstream sources have...
Oracle MySQL Security Vulnerability
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to MySQL Server accessible data...
Oracle Application Express Security Vulnerability
Oracle Application Express is a low-code development platform from Oracle Corporation of the United States. A security vulnerability in Application Express Administration in Oracle Application Express can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to certain...
vitre-insert-cheminee.fr Cross Site Scripting vulnerability OBB-3512243
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-25704 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.31 Description: Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege...
CVE-2023-3503
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2023-3503 SourceCodester Shopping Website insert-product.php unrestricted upload
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
SourceCodester Shopping Website Code Issue Vulnerability
SourceCodester Shopping Website is a shopping website type CMS. A code issue vulnerability exists in SourceCodester Shopping Website version 1.0, which stems from a problem with the file insert-product.php that can lead to unrestricted file uploads...