79 matches found
PT-2024-27770 · Vermeg · Vermeg Agilereporter
Name of the Vulnerable Software and Affected Versions: Vermeg Agile Reporter version 23.2.1 Description: The issue is a stored cross-site scripting XSS that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast...
PT-2024-26458 · Unknown · Diño Physics School Assistant
Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts an unidentified code within the file /classes/Master.php?f=view item. Manipulating the argument id can result in SQL injection...
PT-2024-26450 · Unknown · Diño Physics School Assistant
Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts unidentified code within the file /classes/SystemSettings.php?f=update settings. Manipulating the name parameter results in cross-site...
PT-2024-26320 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/homePro deal.php" with parameters mudi, dataType, and dataTypeCN. This issue allows for unauthorized requests. Recommendations: F...
PT-2024-24200 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: sanluan flipped-aurora gin-vue-admin versions 2.4.x Description: An issue in the Session Expiration component allows an attacker to escalate privileges. Recommendations: For versions 2.4.x, consider restricting access to the Session Expiratio...
PT-2024-23076
Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below Description The Web interface of Evolution Controller contains poorly configured access control on the DESKTOP EDIT USER GET CARD endpoint, allowing an unauthenticated attacker to...
PT-2024-12052 · Unknown · Mt Safeline X-Ray X3310
Name of the Vulnerable Software and Affected Versions: MT Safeline X-Ray X3310 webserver version NXG 19.05 Description: An HTML injection issue exists that allows a remote attacker to render malicious HTML, potentially obtaining sensitive information in a victim's browser. Recommendations: For MT...
PT-2024-20426
Name of the Vulnerable Software and Affected Versions Lime Survey Community Edition version v.5.3.32+220817 Description A Cross Site Scripting XSS issue allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function. This enables...
PT-2024-2195 · Trendnet · Trendnet Tew-827Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-827DRU router version 2.10B01 Description: There is a command injection issue in the apply.cgi interface, allowing an attacker to inject commands into the post request parameters usapps.config.smb admin name, thereby gaining root...
PT-2024-19639 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: A Cross Site Scripting XSS issue exists in the is water parameter, allowing a remote attacker to execute arbitrary code via a crafted URL. This enables the attacker to potentially steal user data or take...
PT-2024-15811 · Linzhaoguan · Linzhaoguan Pb-Cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms version 2.0 Description: A problematic issue has been found in the Comment Handler component of the software, allowing for cross-site scripting through the manipulation of input, such as . This can be exploited remotely...
PT-2023-32842 · Unknown · Lightxun Iptv Gateway
Name of the Vulnerable Software and Affected Versions: Lightxun IPTV Gateway versions up to 20231208 Description: A vulnerability was found in the processing of the file /ZHGXTV/index.php/admin/index/web upload template.html. The manipulation of the file argument leads to unrestricted upload. The...
PT-2023-31456 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/database/backup component. This allows for unauthorized actions to be performed on the system. Recommendations: For Dreamer CMS...
PT-2023-31555 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: The issue allows a remote attacker to read files via ../ Directory Traversal in the "/common/down/file" fileKey parameter. This could potentially lead to unauthorized access to sensitive information...
PT-2023-7920 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L version B1 FW223WWb01 Description: The issue is related to the firmware of D-Link DIR-850L routers, specifically version B1 FW223WWb01, where a remote attacker can execute arbitrary code via a crafted script to the en paramete...
PT-2023-28533 · Unknown · Firewall Service
Name of the Vulnerable Software and Affected Versions: Firewall service affected versions not specified Description: The issue is related to a missing permission check in the firewall service, allowing potential local information disclosure without requiring additional execution privileges...
PT-2023-7439 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtai...
PT-2023-30426 · Unknown · Nagaoka Taxi Line
Name of the Vulnerable Software and Affected Versions: nagaoka taxi Line version 13.6.1 Description: The issue allows remote attackers to send malicious notifications to victims due to the leakage of channel access token. Recommendations: For version 13.6.1, consider restricting access to the...
PT-2023-30228 · E-Tax · E-Tax
Name of the Vulnerable Software and Affected Versions: e-Tax software versions 3.0.10 and earlier Description: The issue is related to the improper restriction of XML external entity references XXE in the e-Tax software due to the configuration of the embedded XML parser. This allows an attacker ...
PT-2023-29990 · Loytec · Linx Configurator +7
Name of the Vulnerable Software and Affected Versions: LOYTEC LINX-151 affected versions not specified LOYTEC LINX-212 version 6.2.4 LOYTEC LVIS-3ME12-A1 version 6.2.2 LOYTEC LIOB-586 version 6.2.3 LOYTEC LIOB-580 V2 affected versions not specified LOYTEC LIOB-588 affected versions not specified...