542 matches found
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...
PT-2024-26237 · Opentext · Opentext Imanager
Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: The issue is related to a File Upload vulnerability in an unauthenticated session, which could allow an attacker to upload a file without authentication. Recommendations: For OpenText iManager...
PT-2024-20985 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkPlan/WorkPlanAttachDownLoad.aspx" API endpoint...
PT-2024-25127 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the findpage function. This allows for potential exploitation. No information is provided about the estimated number of potentially...
PT-2024-22767 · Alcatel Lucent · Alcatel-Lucent Ale Noe Deskphones +1
Name of the Vulnerable Software and Affected Versions: Alcatel-Lucent ALE NOE deskphones versions 86x8 NOE-R300.1.40.12.4180 and earlier Alcatel-Lucent ALE SIP deskphones versions 86x8 SIP-R200.1.01.10.728 and earlier Description: An issue was discovered due to improper privilege management,...
PT-2024-25190 · Unknown · Library System
Name of the Vulnerable Software and Affected Versions: Library System version V1.0 Description: An issue in the Library System allows a remote attacker to execute arbitrary code via the FAILE variable in the student edit photo.php component. Recommendations: For Library System version V1.0,...
PT-2024-25115 · Thinksaas · Thinksaas
Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. This...
PT-2024-25747 · Totolink · Totolink Cp450
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP450 version 4.1.0cu.747 B20191224 Description: A stack buffer overflow issue was found in the SetPortForwardRules function. Recommendations: For TOTOLINK CP450 version 4.1.0cu.747 B20191224, consider disabling the SetPortForwardRul...
PT-2024-24156 · Unknown · Rg-Rsr10-01G-T(Wa)-S
Name of the Vulnerable Software and Affected Versions: RG-RSR10-01G-TW-S and RG-RSR10-01G-TWA-S routers version RSR10-01G-T-S RSR 3.01B9P2, Release07150910 Description: An issue in the routers allows attackers to execute arbitrary code via the common quick config.lua file. Recommendations: For...
PT-2024-24510 · Totolink · Totolink N300Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RT version V2.1.8-B20201030.1539 Description: The issue is related to a Store Cross-site scripting XSS vulnerability. This vulnerability is located in the Port Forwarding section under the Firewall Page. Recommendations: For...
PT-2024-24489 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0 V1.0.1.25633 Description: The issue is a command injection vulnerability in the formexeCommand function via the cmdinput parameter. This allows for potential exploitation. Recommendations: For Tenda W30E version 1.0...
PT-2024-4892 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product within...
PT-2024-24186 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Loan Management System version 1.0 Description: The issue concerns SQL Injection via the password parameter in the "login.php" file. This allows for potential unauthorized access to sensitive data. There is no information...
PT-2024-22929 · Unknown · Summernote
Name of the Vulnerable Software and Affected Versions: Summernote versions 0.8.18 and earlier Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. This enables the attacker to perform actions such as executing arbitrary code on...
PT-2024-23632 · Unknown · Phpgurukul Emergency Ambulance Hiring Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Emergency Ambulance Hiring Portal version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the username argumen...
PT-2024-23647 · Unknown · Phpgurukul Emergency Ambulance Hiring Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Emergency Ambulance Hiring Portal version 1.0 Description: A critical issue has been found in the Ambulance Tracking Page component, specifically in the file ambulance-tracking.php. The manipulation of the searchdata argument leads...
PT-2024-14897
Name of the Vulnerable Software and Affected Versions Egehan Security WebPDKS versions through 20240329 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vendor w...
PT-2024-22386 · Unknown · Open Source Medicine Ordering System
Name of the Vulnerable Software and Affected Versions: Open Source Medicine Ordering System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the date parameter at the "/admin/reports/index.php" API endpoint. Recommendations: F...
PT-2024-20819 · Unknown · Magesh-K21 Online-College-Event-Hall-Reservation-System
Name of the Vulnerable Software and Affected Versions: MAGESH-K21 Online-College-Event-Hall-Reservation-System version 1.0 Description: A problem was found in the system, affecting some unknown functionality of the file /admin/bookdate.php. The issue involves the manipulation of the id argument,...
PT-2024-19356 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the storage of potentially sensitive information in log files by IBM InfoSphere Information Server, which could be accessed by a local user. Recommendations: For I...