1180 matches found
Unsafe Reflection
Overview stimulusreflex is an exciting new way to build modern, reactive, real-time apps with Ruby on Rails. Affected versions of this package are vulnerable to Unsafe Reflection due to the handling of websocket messages that allow specifying a class name and method name. An attacker can manipulate...
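The pattern behind this entry, shown as an added example rather than StimulusReflex's own code: a dispatcher that resolves a class and a method from names carried in an untrusted message, beside a version that only resolves pairs listed in an explicit allowlist. The handler class, its methods and the message contents are constructed for the demonstration.

```python
# Added example (not StimulusReflex's own code): a message-driven dispatcher that
# resolves a class and method from caller-controlled input, beside an
# allowlisted version. Class, methods and messages are constructed for the demo.
import json


class GreetingReflex:
    """Constructed handler: the only class the application intends to expose."""

    def greet(self, name):
        return f"hello {name}"

    def _reset_password(self, user):
        # Constructed internal helper; must never be reachable from a message.
        return f"password for {user} reset"


def dispatch_unsafe(message_json):
    """Vulnerable pattern: class and method names come straight from the message.

    Any class visible in this module and any attribute on it, including
    'private' helpers, becomes callable by whoever can send a message."""
    msg = json.loads(message_json)
    cls = globals()[msg["class"]]          # caller chooses the class
    obj = cls()
    method = getattr(obj, msg["method"])   # caller chooses the method
    return method(*msg.get("args", []))


# Hardened: an explicit registry of (class name, method name) pairs that may be
# invoked; nothing else is ever resolved by name.
ALLOWED_REFLEXES = {
    ("GreetingReflex", "greet"): (GreetingReflex, "greet"),
}


def dispatch_safe(message_json):
    msg = json.loads(message_json)
    key = (msg.get("class"), msg.get("method"))
    entry = ALLOWED_REFLEXES.get(key)
    if entry is None:
        raise PermissionError(f"reflex {key!r} is not exposed")
    cls, method_name = entry
    args = msg.get("args", [])
    if not isinstance(args, list):
        raise ValueError("args must be a JSON array")
    return getattr(cls(), method_name)(*args)


def is_exposed(class_name, method_name):
    """True if the pair can be invoked through dispatch_safe."""
    return (class_name, method_name) in ALLOWED_REFLEXES
```

With the unsafe dispatcher a message naming `_reset_password` runs it; the allowlisted dispatcher refuses anything not in the registry before any name lookup happens.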
BIT-MEDIAWIKI-2021-36129
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...
CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...
Huawei HarmonyOS and EMUI Denial of Service Vulnerability (CNVD-2024-31073)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
Input validation
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
CVE-2023-2252
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...
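Both the Deno makeTemp entry and the Directorist file-inclusion entry come down to one missing check: a caller-supplied directory or file parameter is used without confirming that it still resolves inside the directory the application allows. The following is an added example of that check (not Deno's or Directorist's code); the sandbox layout built in demo() is constructed for the example.

```python
# Added example (not Deno's or Directorist's code): confining a caller-supplied
# directory or file parameter to an allowed base directory. The sandbox layout
# built in demo() is constructed for the example.
import os
import shutil
import tempfile


def resolve_inside(base_dir, user_path):
    """Return the real path for user_path if it lies inside base_dir, else raise.

    realpath() resolves '..' segments and symlinks, so the check is made on the
    path the OS will actually open rather than on the string the caller sent.
    An absolute user_path is covered too: os.path.join discards the base, and
    the commonpath test then fails."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"{user_path!r} resolves outside {base_dir!r}")
    return candidate


def escapes(base_dir, user_path):
    """True if user_path would resolve outside base_dir."""
    try:
        resolve_inside(base_dir, user_path)
    except PermissionError:
        return True
    return False


def make_temp_confined(allowed_dir, dir_param, prefix="tmp"):
    """Temp-file creation that honours the allowed directory even when the
    caller passes '../..' or an absolute path as the dir parameter."""
    target = resolve_inside(allowed_dir, dir_param)
    os.makedirs(target, exist_ok=True)
    fd, path = tempfile.mkstemp(prefix=prefix, dir=target)
    os.close(fd)
    return path


def demo():
    """Constructed scenario: <sandbox>/uploads is the only permitted directory."""
    sandbox = tempfile.mkdtemp()
    allowed = os.path.join(sandbox, "uploads")
    os.makedirs(allowed)
    os.symlink(sandbox, os.path.join(allowed, "link"))  # symlink pointing out
    results = {
        "plain": escapes(allowed, "images"),
        "dotdot": escapes(allowed, "../../etc/passwd"),
        "absolute": escapes(allowed, "/etc/passwd"),
        "symlink": escapes(allowed, "link/secret.txt"),
    }
    created = make_temp_confined(allowed, "images")
    results["created_inside"] = created.startswith(os.path.realpath(allowed) + os.sep)
    shutil.rmtree(sandbox)
    return results
```

The symlink case is the one string-based checks miss: "link/secret.txt" contains no ".." and no absolute prefix, yet it opens a file outside the allowed directory.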
Privilege escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-4703 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-6991
The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...
CVE-2023-6552 Open redirect in TasmoAdmin
Lack of validation of the "current" GET parameter during the language-change action leads to an open redirect vulnerability...
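An added example of validating a redirect parameter such as "current" before it reaches a Location header (not TasmoAdmin's code). The allowed host list is a constructed assumption; the function handles the usual bypasses of a naive "starts with /" check.

```python
# Added example (not TasmoAdmin's code): validating a "current" redirect
# parameter before issuing a Location header. ALLOWED_HOSTS is constructed.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"tasmoadmin.local"}   # constructed: hosts we may redirect to
FALLBACK = "/"


def safe_redirect_target(current):
    """Return `current` if it is a same-site target, otherwise FALLBACK.

    Covers protocol-relative '//evil', backslash variants that browsers
    normalise to slashes, non-http schemes such as javascript:, and
    credential tricks such as 'https://good@evil'."""
    if not current:
        return FALLBACK
    cleaned = current.strip().replace("\\", "/")
    parts = urlsplit(cleaned)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return FALLBACK
    if parts.netloc:
        host = (parts.hostname or "").lower()
        return cleaned if host in ALLOWED_HOSTS else FALLBACK
    # No authority component: accept only a single-slash-rooted path.
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return FALLBACK
    return cleaned
```

Comparing `parts.hostname` rather than `parts.netloc` is what defeats the userinfo trick: for "https://tasmoadmin.local@evil.example/" the netloc contains the trusted name, but the hostname is evil.example.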
Improper Web Parameter Validation
httparty is vulnerable to External Control of Assumed-Immutable Web Parameter. The vulnerability is caused by the lack of escaping of the double-quote character (") in the Content-Disposition filename. This allows the attacker to modify the application data...
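Why an unescaped double quote in a filename matters, as an added example (not httparty's code): the header is built from a caller-supplied filename both verbatim and as a proper quoted-string, and each result is parsed the way a receiver would parse it. The field name, file name and hostile input are constructed for the demonstration.

```python
# Added example (not httparty's code): building a multipart part's
# Content-Disposition header from a caller-supplied filename, unescaped beside
# escaped, and parsing each as a receiver would. Names are constructed.
from email import message_from_string


def disposition_unsafe(field, filename):
    """Vulnerable: the filename is dropped into a quoted-string verbatim, so a
    '"' in it closes the quote and whatever follows becomes new parameters."""
    return f'Content-Disposition: form-data; name="{field}"; filename="{filename}"'


def quote_param(value):
    """Encode value as an RFC 2616 quoted-string: escape backslash and double
    quote, and drop CR/LF, which would otherwise end the header line."""
    value = value.replace("\r", "").replace("\n", "")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def disposition_safe(field, filename):
    return ("Content-Disposition: form-data; "
            f"name={quote_param(field)}; filename={quote_param(filename)}")


def parse_disposition(header_line):
    """Parse one header line as a receiver would and return its parameters;
    a repeated parameter keeps the last value, as many parsers do."""
    msg = message_from_string(header_line + "\r\n\r\n")
    params = msg.get_params(header="content-disposition")
    return dict(params[1:])   # params[0] is the disposition type itself


HOSTILE_FILENAME = 'report.csv"; name="is_admin'   # constructed attacker input
```

With the unescaped header the receiver sees the part as the "is_admin" field, which is exactly the "assumed-immutable parameter" the entry refers to; with the escaped header the filename round-trips intact and the field name stays "upload".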
CVE-2023-49666 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmerdetails' parameter of the submitmateriallist.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49625 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylisteditsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
VulnCheck KEV: CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on...
VulnCheck KEV: CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
PT-2023-31294 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTime parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...
PT-2023-29418 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the "/update.php?q=quiz" resource does not validate the characters received, and they are sent...
PT-2023-29417 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the fdid parameter of the "/update.php" resource does not validate the characters received, and they are...
PT-2023-29414 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the "/update.php?q=addqns" resource does not validate the characters received and they are sent...
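The Billing Software, Job Portal and Online Examination System entries above all describe the same defect: a request parameter whose characters are not validated is sent unfiltered into a SQL statement. The following added example (not the code of any of those applications) shows a lookup that splices the parameter into the query beside a validated, parameterised version, run against a constructed in-memory SQLite table.

```python
# Added example (not the Billing Software, Job Portal or Online Examination
# System code): a lookup that splices a request parameter into SQL beside a
# parameterised version, run against a constructed in-memory SQLite table.
import sqlite3


def setup_db():
    """Constructed sample data standing in for a 'party' (customer) table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE party (id INTEGER PRIMARY KEY, name TEXT, balance REAL)")
    conn.executemany("INSERT INTO party VALUES (?, ?, ?)",
                     [(1, "Acme", 120.0), (2, "Globex", 55.5), (3, "Initech", 0.0)])
    return conn


def party_by_id_unsafe(conn, id_param):
    """Vulnerable: the parameter text becomes part of the SQL grammar."""
    sql = f"SELECT id, name FROM party WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def party_by_name_unsafe(conn, name_param):
    """Vulnerable: hand-written quotes do not help once the input has a quote."""
    sql = f"SELECT id, name FROM party WHERE name = '{name_param}'"
    return conn.execute(sql).fetchall()


def party_by_id_safe(conn, id_param):
    """Hardened: validate the type, then bind the value; the driver sends it as
    data, so it can never extend the WHERE clause."""
    try:
        pid = int(id_param)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return conn.execute("SELECT id, name FROM party WHERE id = ?", (pid,)).fetchall()


def party_by_name_safe(conn, name_param):
    return conn.execute("SELECT id, name FROM party WHERE name = ?", (name_param,)).fetchall()


def demo():
    conn = setup_db()
    tautology_id = "1 OR 1=1"                 # constructed attacker input
    tautology_name = "x' OR '1'='1"           # constructed attacker input
    out = {
        "unsafe_id_rows": len(party_by_id_unsafe(conn, tautology_id)),
        "unsafe_name_rows": len(party_by_name_unsafe(conn, tautology_name)),
        "safe_name_rows": len(party_by_name_safe(conn, tautology_name)),
        "safe_id_ok": party_by_id_safe(conn, "2"),
    }
    try:
        party_by_id_safe(conn, tautology_id)
        out["safe_id_rejected"] = False
    except ValueError:
        out["safe_id_rejected"] = True
    conn.close()
    return out
```

The tautology inputs return every row from the unsafe lookups; the bound versions treat the same strings as literal values, so the name lookup matches nothing and the id lookup is rejected before it reaches the database.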
CVE-2023-25644
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of a web interface parameter, an attacker could use the vulnerability to perform a denial of service attack...