Cups Easy cross-site scripting vulnerability (CNVD-2024-12235)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the itemidy parameter on the /cupseasylive/stocktransactionslist.php page. An attacker...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11150)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the issuanceno parameter on the /cupseasylive/stockissuancedisplay.php page. An attacke...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11134)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the grnno parameter on the /cupseasylive/grndisplay.php page. An attacker could use thi...
PT-2024-4357
Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. through 8.1.28; PHP versions 8.2. through 8.2.19; PHP versions 8.3. through 8.3.7. Description: A code logic error in PHP's filtering functions, such as filter_var, when validating URLs with FILTER_VALIDATE_URL, can result in...
DLA-3089-1 php-horde-mime-viewer - security update
Bulletin has no description...
Fingerprint Attendance 1.0 SQL Injection
Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQ...
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Product & Service Introduction: =============================== Car Portal is a php software product for running auto classifieds websites. It provides functionality for the private sellers to sign up, list their car for sale and make changes in their ads online using the private sellers...
CVE-2016-7128
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image...
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Document Title: =============== Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1891 Release Date: ============= 2016-07-31 Vulnerability Laboratory ID VL-ID: ==================================...
CVE-2016-4543
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...
CVE-2016-4071
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call...
vBulletin decodeArguments serialized object vulnerability
Added: 04/15/2016 CVE: CVE-2015-7808 Background vBulletin is PHP software for building community websites. Problem A vulnerability in vBulletin 5 Connect allows remote attackers to execute arbitrary PHP code by placing a specially crafted serialized object in the arguments parameter to the...
CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long...
Reserve Logic Booking CMS 1.2 XSS / Shell Upload / SQL Injection
Title: ====== Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities Date: ===== 2012-06-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=617 VL-ID: ===== 617 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities
Document Title: =============== Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=617 Release Date: ============= 2012-06-18 Vulnerability Laboratory ID VL-ID: ==================================== 6...
Car Portal CMS v3.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Introduction: ============= Car Portal is a php software product for running auto classifieds websites. It provides functionality for the private sellers to sign up, list their c...
Car Portal CMS 3.0 - Multiple Vulnerabilities
Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=502 VL-ID: ===== 502 Introduction: ============= Car Portal is a php software product for running auto classifieds websites. It provid...
Car Portal CMS 3.0 CSRF / XSS / Shell Upload
Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=502 VL-ID: ===== 502 Introduction: ============= Car Portal is a php software product for running auto classifieds websites. It provid...
Car Portal CMS v3.0 - Multiple Web Vulnerabilities
Document Title: =============== Car Portal CMS v3.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=502 Release Date: ============= 2012-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 502...