13 matches found
Currency Exchange System /editotheraccount.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied SQL input in the ID parameter of the file /editotheraccount.php. An attacker can exploit this vulnerabili...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used for real-time synchronization and backup of files between devices, with functions similar to Google Drive, Dropbox and other cloud storage services, but with the data stored in the...
EUVD-2018-17675
Malware in sbrugna...
Online Shoe Store customer_signup.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied SQL input in the email parameter of the file /function/customersignup.php. An attacker can exploit this vulnerability...
CVE-2022-24355
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name...
CVE-2024-42183 HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls...
PT-2023-29885 · Lg · Lg Led Assistant
Name of the Vulnerable Software and Affected Versions: LG LED Assistant (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists withi...
Online Tours & Travels Management System SQL Injection Vulnerability
Online Tours & Travels Management System is an online travel management system by individual developer Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System version v1.0 due to a lack of validation of the id parameter in its /admin/updateexpensecategory.php...
LMA ISIDA Retriever Cross-Site Scripting Vulnerability
LMA-ISIDA Retriever is an application from the Russian company LMA-ISIDA. It provides management and information support at enterprise and regional scale. A cross-site scripting vulnerability exists in LMA ISIDA Retriever version 5.2, which stems from the lack of proper validation of client data for...
CVE-2020-6976
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation...
AKUVOX NETWORKS R50P VoIP phone file uploading
AKUVOX NETWORKS R50P VoIP phone is an IP phone from AKUVOX NETWORKS, China. A file upload vulnerability exists in the ringtone upload feature in AKUVOX NETWORKS R50P VoIP phone version 50.0.6.156, which can be exploited to upload script files due to a lack of file and path validation...
Trend Micro Maximum Security tmnciesc Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2017-14977
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack...