1200 matches found
SUSE CVE-2015-9185
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD...
CVE-2023-25719
ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
GSD-2023-1002258 net: mdio: validate parameter addr in mdiobus_get_phy()
net: mdio: validate parameter addr in mdiobusgetphy This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.272 by commit...
PT-2023-35292 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.231 Description: The issue concerns the validation of the addr parameter in the mdiobus get phy function. This is an automated identification of a potential security issue, but the actual impact and attack...
CVE-2023-25719
ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2023-25719
ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2022-47368
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...
CVE-2022-38681
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...
Canteen Management System SQL Injection Vulnerability (CNVD-2023-08051)
Canteen Management System is a canteen management system. version 1.0 of Canteen Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements by parameter id. An attacker could use this vulnerability to execute illegal SQL commands to...
PT-2023-3382 · Samsung · Exynos Modem 5300 +5
Name of the Vulnerable Software and Affected Versions: Exynos Modem 5123 Exynos Modem 5300 Exynos 980 Exynos 1080 Exynos 9110 Exynos Auto T5123 Description: The issue is related to a buffer overflow when decoding an SIP status line, potentially allowing a remote attacker to cause a denial of...
PT-2023-12281 · Unknown · Native-Php-Cms
Name of the Vulnerable Software and Affected Versions: native-php-cms version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the cat parameter in the /list.php file, enabling attackers to inject malicious SQL code...
WordPress plugin Compact WP Audio Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. relevant is a relevant content display plugin used in it. wordpress plugin is an...
WordPress plugin Top 10 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress plugin Page-list 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Login Logout Menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Landing Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...
Sql injection
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
UBUNTU-CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...