179 matches found
PHPGurukul Restaurant Table Booking System Injection Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the parameter fullname of the add-subadmin.php file. An attacker...
CVE-2020-6191
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation...
Maid Hiring Management System /admin/search-maid.php File Cross-Site Scripting Vulnerability
Maid Hiring Management System is a maid hiring management system. The Maid Hiring Management System suffers from a cross-site scripting vulnerability that stems from a lack of sufficient input validation of the searchdata parameter in file /admin/search-maid.php. An attacker could use this...
CVE-2024-55546 Stored Cross-Site Scripting
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below...
PT-2024-36544 · Oring · Oring Iap-420
Name of the Vulnerable Software and Affected Versions: ORing IAP-420 versions 2.01e and below. Description: The issue is caused by missing input validation in the web interface of ORing IAP-420, allowing stored Cross-Site Scripting (XSS). This enables attackers to store malicious scripts on the...
PT-2024-10296 · Planet Technology +1 · Planet Wgs-804Hpt +2
The affected product is susceptible to a stack-based buffer overflow, which can be triggered by an unauthenticated attacker sending a malicious HTTP request. The webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. An exploit f...
CVE-2024-7775
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
PT-2024-38571 · Bit Form · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function. This allows authenticated attackers with...
The vulnerability of the l2cap_le_flowctl_init() function in the Linux kernel's Bluetooth protocol implementation allows an attacker to cause a service failure.
The vulnerability of the l2cap_le_flowctl_init function in the net/bluetooth/l2cap_core.c module of the Linux operating system's Bluetooth kernel implementation is related to the lack of input data validation. Exploiting this vulnerability could allow a remote attacker to cause service failures...
CVE-2024-5421
Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection. This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below...
CVE-2024-5421 Authenticated Command Injection
Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection. This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below...
CVE-2024-5410
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below...
CVE-2024-5411 Command Injection
Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection. This issue affects IAP-420 version 2.01e and below...
J2EEFAST Security Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best free, open-source back-end framework platform for small and medium-sized projects. J2EEFAST v2.7.0 has a SQL injection vulnerability that stems from the SysOperLogMapper.xml findPage...
J2EEFAST Security Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best free, open-source back-end framework platform for small and medium-sized projects. A SQL injection vulnerability exists in J2EEFAST v2.7.0; it stems from the authRoleList function in the...
PHPGurukul Small CRM SQL Injection Vulnerability
Small CRM is a customer relationship management system. A SQL injection vulnerability exists in Small CRM, which stems from a lack of validation of externally-entered SQL statements in the change password handler. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
CVE-2023-47355
The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz ROOT Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validati...
CVE-2023-46800
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
Visitor Management System SQL Injection Vulnerability
Visitor Management System is a visitor management system. A SQL injection vulnerability exists in Visitor Management System v1.0, which originates from the parameter id of manageuser.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...