18 matches found
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contain a code issue vulnerability: URL parameters could be used to access local system files...
EUVD-2007-1300
Malware in sbrugna...
PT-2025-30303 · Unknown · Church Donation System
Name of the Vulnerable Software and Affected Versions: Church Donation System version 1.0 Description: A critical issue exists in an unknown functionality of the file /members/add members.php. Manipulation of the mobile argument can lead to SQL injection. The attack can be launched remotely. The...
PT-2025-23550 · Weblaudos · Weblaudos
Name of the Vulnerable Software and Affected Versions: WebLaudos version 24.2 04 Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the id parameter. This enables the attacker to access confidential data. Recommendations: For WebLaudos version 24...
PT-2025-11552 · Unknown · Online Exam Mastering System
Name of the Vulnerable Software and Affected Versions: Online Exam Mastering System version 1.0 Description: A SQL injection vulnerability in the Online Exam Mastering System allows a remote attacker to execute arbitrary code via the fid parameter. This issue enables attackers to potentially acce...
PT-2025-2798 · Unknown · Compop.Ca Online Mall
Name of the Vulnerable Software and Affected Versions: compop.ca ONLINE MALL version 3.5.3 Description: An issue in compop.ca ONLINE MALL allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. Recommendations: For compop.ca ONLINE MALL version 3.5.3, consider...
PT-2025-1821 · Woocommerce · Wc Affiliate
Name of the Vulnerable Software and Affected Versions: WC Affiliate – A Complete WooCommerce Affiliate Plugin versions up to, and including, 2.4 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allow...
PT-2024-13079 · Unknown · My Food Recipe Using Php With Source Code
Name of the Vulnerable Software and Affected Versions: My Food Recipe Using PHP with Source Code version 1.0 Description: The issue allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters. This enables the attacker to perfo...
PT-2023-31035 · Tenda · Tenda Ax1803
Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: The issue allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. This enables the attacker to potentially gain...
PT-2023-25549 · Audimexee · Audimexee
Name of the Vulnerable Software and Affected Versions: Audimexee version 14.1.7 Description: The issue is a SQL injection vulnerability that can be exploited via the p table name parameter. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or...
PT-2023-23546
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows unauthenticated attackers to perform Blind SQL Injection via the id parameter due to insufficient escaping on user-supplied parameters and lack o...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 that allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-28375
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...
PT-2023-15907 · WordPress · Backupbuddy
Name of the Vulnerable Software and Affected Versions: BackupBuddy WordPress plugin versions prior to 8.8.3 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the BackupBuddy WordPress plugin does not properly sanitise and escape some parameters before outputti...
PT-2022-5714 · NetGear · Netgear R7000P
Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8 Description: The issue is related to buffer overflow errors in the NETGEAR R7000P router's embedded software. Exploitation of this issue may allow a remote attacker to execute arbitrary code through the apmode...
Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin...
Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=715 The ActionScript parameter conversion in the fix for issue 403 https://code.google.com/p/google-security-research/issues/detail?id=403 can sometimes access a parameter on the...
Mandriva Linux Security Advisory : struts (MDVSA-2014:095)
Updated struts packages fix security vulnerability : It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...