39 matches found
PT-2024-19640 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: The issue is related to a Cross Site Scripting vulnerability in the num parameter, allowing a remote attacker to run arbitrary code via a crafted URL. Recommendations: For eyoucms version 1.6.5, consider...
trello-octometric SQL注入漏洞
trello-octometric is a small project by the individual developer Jade Bilkey to execute metrics on trello boards over time. trello-octometric suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter num can lead to sql injection...
PT-2022-27926 · Trendnet · Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the setlogo num parameter in the icp setlogo img sub 41DBF4 function. Recommendations: For version 1.13B01, as a temporary workaround, consider...
DEBIAN-CVE-2020-6096
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...
Sql injection
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...
CVE-2017-11582
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...
CVE-2017-11582
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...
CVE-2017-11582
CVE-2017-11582 concerns dayrui FineCms 5.0.9, with a SQL Injection vulnerability in the libraries/Template.php file. The flaw is exploitable via the num parameter in requests for action=related or action=tags, enabling a remote attacker to execute arbitrary SQL commands. Multiple sources in the c...
SQL Injection Vulnerability in Taiwan Yicheng Web Design Company's Website Building System
Yee Seng Technology website building system is a content management system template developed by Yee Seng Technology in Taiwan. A SQL injection vulnerability exists in the num parameter in the show.php page of the ArtShing Technology website builder system, which can be exploited by attackers to...
Cross site scripting
Cross-site scripting XSS vulnerability in publichtml/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action...
CVE-2012-2741
Cross-site scripting XSS vulnerability in publichtml/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action...
phpList -- SQL injection and XSS vulnerability
Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...
DEBIAN-CVE-2011-4923
Cross-site scripting XSS vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...
DEBIAN-CVE-2011-3361
Cross-site scripting XSS vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi...
Cross site scripting
Cross-site scripting XSS vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...
PT-2012-2000
Name of the Vulnerable Software and Affected Versions: BackupPC versions 3.0.0 through 3.2.1 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to "index.cgi", related to the log file viewer...
CVE-2011-3361
Cross-site scripting XSS vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi...
Sql injection
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magicquotesgpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2002-2296
Cross-site scripting XSS vulnerability in YaBB.pl in Yet Another Bulletin Board YaBB 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter...