116 matches found
PT-2022-8621 · Unknown · Zhimengzhe Ibarn
Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5 Description: The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the upload function in action/Core.class.php. Recommendations: F...
Cross site scripting
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability...
CVE-2022-36759
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?resid=...
Library Management System SQL注入漏洞
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Library Management System v1.1 due to a SQL injection in the MId parameter of its /student/dele.php...
PT-2022-20967 · NetGear · Netgear Wnap320
Name of the Vulnerable Software and Affected Versions: Netgear WNAP320 router version WNAP320 V2.0.3 firmware Description: The issue is related to Incorrect Access Control, which can be exploited via the /recreate.php endpoint, potentially leaking all users' cookies. Recommendations: For Netgear...
CVE-2022-32378
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getteacherprofile.php?myindex=...
PT-2022-20351 · Unknown · Toll Tax Management System
Name of the Vulnerable Software and Affected Versions: Toll-tax-management-system version 1.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It can be exploited via the API endpoint "/ttms/classes/Master.php" with the parameter f set to "save recipient" and the vehicle...
CVE-2022-28512
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters...
Skycaiji 安全漏洞
Skycaiji Blue Sky Collector is a free data collection and publishing crawler software from China Nanchang Zhuolan Technology Co., Ltd, developed with php+mysql and can be deployed on cloud servers. A security vulnerability exists in Skycaiji version 2.4, which originated from the discovery that...
CVE-2022-28416
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=deletephase...
CVE-2022-28026
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=studentp&id=...
CVE-2019-17644
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php...
hosguldregn.dk XSS vulnerability
Vulnerable URL: http://www.hosguldregn.dk/pres3.php?id=4"'--!KNOXSS Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
Arbitrary File Upload Vulnerability in SignName Parameter of Tibco Call Center System
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. An arbitrary file upload vulnerability exists in the signName parameter of the Tibus Communication Call Center System. 1 File upload: /sysmaint/import/import.php, save...
CubeCart Stored Cross-Site Scripting Vulnerability
CubeCart is an open source PHP e-commerce software system. A stored cross-site scripting vulnerability exists in CubeCart. Due to insufficient filtering of user-supplied data via the "firstname" and "lastname" HTTP POST parameters passed to the "/index.php" script input, a remotely-authenticated...
PT-2010-1396 · Maxdev · Mforum
Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...