Lucene search
K

116 matches found

Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.4 views

PT-2022-8621 · Unknown · Zhimengzhe Ibarn

Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5 Description: The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the upload function in action/Core.class.php. Recommendations: F...

8.8CVSS7.7AI score0.01218EPSS
Exploits1References4
Prion
Prion
added 2022/12/01 9:15 a.m.15 views

Cross site scripting

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability...

5.8CVSS6.1AI score0.00418EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/02 3:15 a.m.7 views

CVE-2022-36759

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?resid=...

9.8CVSS5.8AI score0.00927EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.2 views

Library Management System SQL注入漏洞

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Library Management System v1.1 due to a SQL injection in the MId parameter of its /student/dele.php...

9.8CVSS8.7AI score0.00908EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/06/17 12:0 a.m.4 views

PT-2022-20967 · NetGear · Netgear Wnap320

Name of the Vulnerable Software and Affected Versions: Netgear WNAP320 router version WNAP320 V2.0.3 firmware Description: The issue is related to Incorrect Access Control, which can be exploited via the /recreate.php endpoint, potentially leaking all users' cookies. Recommendations: For Netgear...

5.3CVSS5.1AI score0.01226EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/06/15 7:15 p.m.9 views

CVE-2022-32378

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getteacherprofile.php?myindex=...

7.2CVSS5.9AI score0.00909EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/05/24 12:0 a.m.4 views

PT-2022-20351 · Unknown · Toll Tax Management System

Name of the Vulnerable Software and Affected Versions: Toll-tax-management-system version 1.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It can be exploited via the API endpoint "/ttms/classes/Master.php" with the parameter f set to "save recipient" and the vehicle...

5.4CVSS5.8AI score0.00515EPSS
Exploits1References4
OSV
OSV
added 2022/05/04 3:15 p.m.3 views

CVE-2022-28512

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters...

9.8CVSS5.8AI score0.01364EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.2 views

Skycaiji 安全漏洞

Skycaiji Blue Sky Collector is a free data collection and publishing crawler software from China Nanchang Zhuolan Technology Co., Ltd, developed with php+mysql and can be deployed on cloud servers. A security vulnerability exists in Skycaiji version 2.4, which originated from the discovery that...

7.2CVSS7.2AI score0.20092EPSS
Exploits1References2
OSV
OSV
added 2022/04/21 8:15 p.m.2 views

CVE-2022-28416

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=deletephase...

9.8CVSS5.8AI score0.01233EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/21 8:15 p.m.2 views

CVE-2022-28026

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=studentp&id=...

9.8CVSS7.3AI score0.01364EPSS
Exploits1References2
OSV
OSV
added 2020/03/04 10:15 p.m.2 views

CVE-2019-17644

An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php...

7.5CVSS7.1AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/04/22 10:12 a.m.13 views

hosguldregn.dk XSS vulnerability

Vulnerable URL: http://www.hosguldregn.dk/pres3.php?id=4"'--!KNOXSS Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

6.3AI score
Exploits0
CNVD
CNVD
added 2016/11/02 12:0 a.m.4 views

Arbitrary File Upload Vulnerability in SignName Parameter of Tibco Call Center System

The core of Tibco's call center system is a communication-based system for internal and external corporate communication. An arbitrary file upload vulnerability exists in the signName parameter of the Tibus Communication Call Center System. 1 File upload: /sysmaint/import/import.php, save...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2016/03/30 12:0 a.m.1 views

CubeCart Stored Cross-Site Scripting Vulnerability

CubeCart is an open source PHP e-commerce software system. A stored cross-site scripting vulnerability exists in CubeCart. Due to insufficient filtering of user-supplied data via the "firstname" and "lastname" HTTP POST parameters passed to the "/index.php" script input, a remotely-authenticated...

6.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2010/01/06 12:0 a.m.5 views

PT-2010-1396 · Maxdev · Mforum

Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...

7.5CVSS7.9AI score0.01173EPSS
Exploits1References6
Rows per page
Query Builder