925 matches found
CVE-2024-34231
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter...
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...
Inductive Automation Ignition Security Vulnerability
Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA (data acquisition and monitoring) systems, HMI (Human Machine Interface), and more. Inductive Automation Ignition has a security vulnerability that originates...
PT-2024-31202 · Gescen · Gescen
Name of the Vulnerable Software and Affected Versions: Gescen (affected versions not specified). Description: The issue allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. This is a SQL injection vulnerability...
Mitel 6800 SIP and 6900 SIP Security Vulnerability
The Mitel 6800 SIP and Mitel 6900 SIP are both products of Mitel Canada. The Mitel 6800 SIP is a 6800 SIP series IP phone. The Mitel 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the Mitel 6800 SIP and 6900 SIP that stems from insufficient parameter cleanup, which allow...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840
CVE-2024-0840 affects Grandstream UCM Series IP PBX firmwares prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...
phpFox Security Vulnerability
phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...
CVE-2024-32206
CVE-2024-32206 describes a stored XSS in WUZHICMS v4.1.0, specifically the \affiche\admin\index.php component, where a crafted payload in the $formdata parameter can cause arbitrary web script/HTML execution. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CVE lists) with ...
CVE-2024-32339
WonderCMS v3.4.3 has multiple XSS vulnerabilities on the HOW TO page. The flaws arise from insufficient input filtering/escaping on the HOW TO page, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into parameters. Per sources, this can lead to theft of cookie-based ...
HashiCorp go-getter Security Vulnerability
HashiCorp go-getter is a library for Go (golang) from HashiCorp, USA, used to download files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter versions 1.5.9 through 1.7.3 that stems from vulnerability to parameter...
Checkmk Security Vulnerability
Checkmk is an editor. A security vulnerability exists in Checkmk versions 2.0.0 through 2.3.0 that stems from the presence of a parameter injection vulnerability...
aEnrich a+HRD Parameter Injection Vulnerability
aEnrich a+HRD is an all-around human resource development solution from Acer China aEnrich. A parameter injection vulnerability exists in aEnrich a+HRD versions 6.8, 7.0, 7.1 and 7.2. The vulnerability stems from the file download function of youtube-dl.exe not properly restricting the user input,...
PT-2024-2666
Name of the Vulnerable Software and Affected Versions: D-Link DNS-320L (affected versions not specified), D-Link DNS-325 (affected versions not specified), D-Link DNS-327L (affected versions not specified), D-Link DNS-340L (affected versions not specified). Description: A critical issue exists in the HTTP GET...
Commend WS203VICM Parameter Injection Vulnerability
The Commend WS203VICM is a vandalism prevention station with a camera and call button from Commend. The Commend WS203VICM suffers from a parameter injection vulnerability that allows an unauthenticated, remote attacker to send a crafted message to the web serv...
Commend WS203VICM Parameter Injection Vulnerability
The Commend WS203VICM is a vandalism prevention station with a camera and call button from Commend. A parameter injection vulnerability exists in the Commend WS203VICM that originates from weakly encoding credentials used to transmit the WS203VICM...
CVE-2024-1206
The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-42498
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...