212 matches found
VulnCheck KEV: CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
Jorani Leave Management System 1.0.2 Host Header Injection Vulnerability
Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested on: Windows 10,...
CVE-2023-4262
Rejected reason: User data field is not attacker controlled...
Buffer overflow
Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled...
CVE-2023-4262
CVE-2023-4262 is associated with a potential buffer overflow in Zephyr’s management subsystem when asserts are disabled (reported by PT-2023-28454). The connected Veracode record cites a buffer overflow in libzephyr.so caused by the CLFS driver, suggesting the attacker could trigger via a special...
CVE-2023-4262
...
Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference
...
CVE-2023-41575
Multiple stored cross-site scripting XSS vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters...
Cisco Unified Computing System Fabric Interconnect root Privilege Escalation (CVE-2019-1966)
A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...
CVE-2023-2692
A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/roominfo.php of the component GET Parameter Handler. The manipulation of the argument name leads to cro...
kernel: RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ibcorecleanup KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range 0x0000000000000118-0x000000000000011f CPU: 1 PID: 379 Hardware name: QEMU Standard PC i440FX + PIIX, 1996 RIP:...
Sql injection
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchaseorder/admin/login.php...
K15229: BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220
Security Advisory Description F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. CVE-2014-3220 Impact An authenticated user with limited...
SUSE CVE-2019-19071
A memory leak in the rsisendbeacon function in drivers/net/wireless/rsi/rsi91xmgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering rsipreparebeacon failures, aka CID-d563131ef23c...
SUSE CVE-2022-3563
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read50controllercapcomplete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument caplen leads to null pointer dereference. It is recommended to apply a patch to f...
CVE-2023-0641 PHPGurukul Employee Leaves Management System changepassword.php weak password
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...
SUSE-SU-2023:0167-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool bsc1204426...
CVE-2022-48090
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php...
CVE-2022-48091
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...
Cross site scripting
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...