
376 matches found

OSV
added 2023/12/05 10:46 p.m., 33 views

GHSA-MHHP-C3CM-2R86 Test code in published microsoft-graph-core package exposes phpinfo()

Impact: The Microsoft Graph Core PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php. The phpInfo function exposes system...

CVSS 5.4, AI score 7.5, EPSS 0.94329
Exploits: 5, References: 9

Tenable Nessus
added 2023/07/08 12:0 a.m., 22 views

Debian dla-3485 : php-cas - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3485 advisory. Debian LTS Advisory DLA-3485-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8, AI score 7.4, EPSS 0.00989
Exploits: 0, References: 4

Tenable Nessus
added 2023/05/17 12:0 a.m., 36 views

WordPress 6.0 < 6.2.1

WordPress versions 6.0 < 6.2.1 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-2-1-maintenance-security-release. include'compat.inc'; if description...

AI score 7.1
Exploits: 0, References: 4

OSV
added 2023/04/26 12:15 a.m., 0 views

CVE-2023-30111

Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS)...

CVSS 6.1, AI score 6.4, EPSS 0.00234
Exploits: 0, References: 2

Packet Storm
added 2023/04/20 12:0 a.m., 331 views

Serendipity 2.4.0 Shell Upload

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 236 views

LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users to change their...

AI score 6.8
Exploits: 0

Packet Storm
added 2023/04/06 12:0 a.m., 247 views

LDAP Tool Box Self Service Password 1.5.2 Account Takeover

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...

AI score 6.8
Exploits: 0

CNVD
added 2022/01/27 12:0 a.m., 26 views

SourceCodester Hospital Patient Records Management System Cross-Site Scripting Vulnerability

SourceCodester Hospital Patient Records Management System is a web-based PHP application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0 of the Management System. The vulnerability is related t...

CVSS 5.4, AI score 0.9, EPSS 0.00191
Exploits: 1, References: 1

SQLite
added 2022/01/01 12:0 a.m., 44 views

SQLite report about CVE-2022-38627

This is not a bug in SQLite. This is an SQL injection bug in a specific PHP application. In other words, the bug is in the PHP application code, not in SQLite. Even though this CVE is not about SQLite, "SQLite" is mentioned in the publicity about the bug and so we list it here...

CVSS 9.8, AI score 9.8, EPSS 0.72067
Exploits: 2

Tenable Nessus
added 2021/11/10 12:0 a.m., 51 views

WordPress 5.8 < 5.8.2 / 5.7 < 5.7.4 / 5.6 < 5.6.6 / 5.5 < 5.5.7 / 5.4 < 5.4.8 / 5.3 < 5.3.10 / 5.2 < 5.2.13

WordPress versions 5.8 < 5.8.2 / 5.7 < 5.7.4 / 5.6 < 5.6.6 / 5.5 < 5.5.7 / 5.4 < 5.4.8 / 5.3 < 5.3.10 / 5.2 < 5.2.13 are affected by one or more vulnerabilities %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security...

AI score 5.4
Exploits: 0, References: 3

Cvelist
added 2021/10/13 5:10 p.m., 13 views

CVE-2021-41139 Reflected XSS vulnerability in time.php

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible...

CVSS 8.1, AI score 8.1, EPSS 0.00467
Exploits: 0, References: 3

Exploit DB
added 2021/09/17 12:0 a.m., 236 views

Simple Attendance System 1.0 - Authenticated bypass

Exploit Title: Simple Attendance System 1.0 - Authenticated bypass Exploit Author: Abdullah Khawaja hax.3xploit Date: September 17, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

AI score 7.4
Exploits: 0

CNVD
added 2021/09/11 12:0 a.m., 9 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-100233)

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. The WordPress Post Title Counter plugin suffers from a...

CVSS 6.1, AI score 6.2, EPSS 0.0021
Exploits: 1, References: 1

0day.today
added 2021/08/31 12:0 a.m., 236 views

COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection Exploit

COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR by: oretnom23 v1.0 remote...

AI score 0.4
Exploits: 0

0day.today
added 2021/08/23 12:0 a.m., 100 views

Simple Phone book/directory 1.0 - (Username) SQL Injection Vulnerability

Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection Unauthenticated Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html Version: 1.0 Tested on: Linux Ubuntu 20.0...

AI score 0.6
Exploits: 0

Exploit DB
added 2021/08/02 12:0 a.m., 682 views

Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)

Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting XSS Date: 2021-08-02 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

AI score 7.4
Exploits: 0

OpenVAS
added 2021/07/07 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for file (EulerOS-SA-2021-2116)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.5, EPSS 0.072
Exploits: 0, References: 2

Tenable Nessus
added 2021/07/02 12:0 a.m., 30 views

EulerOS Virtualization for ARM 64 3.0.2.0 : file (EulerOS-SA-2021-2116)

According to the version of the file packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remo...

CVSS 5, AI score 7.1, EPSS 0.072
Exploits: 0, References: 2

CNVD
added 2021/06/09 12:0 a.m., 4 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-40772)

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in Easy...

CVSS 4.8, AI score 5.1, EPSS 0.00445
Exploits: 1, References: 1

Huntr
added 2021/05/01 9:4 a.m., 11 views

Cross-site Scripting (XSS) - Reflected in blockonomics/woocommerce-plugin

✍️ Description Reflected javascript injection vulnerabilities exist when web applications take parameters from the URL and display them on a page. Reflection vulnerabilities occur when a website outputs a variable from the webpage URL directly to the page, such as in a PHP application that accepts...

AI score 6.8
Exploits: 0, References: 2