229 matches found
SourceCodester School Fees Payment System SQL注入漏洞
SourceCodester School Fees Payment System is a school fees payment system. A SQL injection vulnerability exists in version 1.0 of the SourceCodester School Fees Payment System, which stems from an SQL injection vulnerability in the efid parameter of the /receipt.php file...
PT-2024-38128 · Unknown · Sourcecodester School Fees Payment System
Name of the Vulnerable Software and Affected Versions: SourceCodester School Fees Payment System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /receipt.php. The manipulation of the ef id argument leads to SQL injection. This issu...
ALSA-2024:4583 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbypo...
Drupal Commerce View Receipt module < 1.0.3 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Norman Kämper-Leymann in WordPress Module Commerce View Receipt versions 1.0.3...
PT-2024-10362 · Drupal · Drupal Commerce View Receipt +1
Name of the Vulnerable Software and Affected Versions: Drupal Commerce View Receipt versions 0.0.0 through 1.0.2 Description: The issue is related to insufficient authorization procedures in the Commerce View Receipt module of the Drupal CMS system. This can allow a remote attacker to bypass...
CVE-2024-2525
A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack...
CVE-2024-2524
A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument roomid leads to sql injection. The attack may be initiated...
Online-College-Event-Hall-Reservation-System SQL Injection Vulnerability
Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by Magesh K individual developer. Designed to automate the hall booking process to eliminate manual logging and increase efficiency. Online-College-Event-Hall-Reservation-System suffers from a SQL...
Online-College-Event-Hall-Reservation-System Cross-Site Scripting Vulnerability
Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by Magesh K individual developer. Designed to automate the hall booking process to eliminate manual logging and increase efficiency. Online-College-Event-Hall-Reservation-System suffers from a cross-si...
CVE-2023-50863
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database...
Travel Website SQL Injection Vulnerability
Travel Website is a PHP-based travel website. A SQL injection vulnerability exists in Travel Website v1.0, which occurs when the hotelIDHidden parameter on the generateReceipt.php page is processed without filtering the data and sent to the database for processing...
CVE-2023-42453
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...
PT-2023-28352 · Synapse +2 · Synapse +2
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0 Description: The issue allows users to forge read receipts for any event if they know the room ID and event ID. Although users cannot view the events, they can mark them as read, potentially causing confusion ...
Nevado JMS 安全漏洞
Nevado JMS is a Skyscreamer open source JMS driver for the Queue and Notification Service SQS/SNS for AmazonWeb Services. A security vulnerability exists in Nevado JMS version v1.3.2, which stems from a lack of security checks when receiving messages, and can be exploited by an attacker to execut...
CVE-2023-27202
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php...
CVE-2023-27202
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php...
Best POS Management System SQL注入漏洞
Best pos management system is a best pos management system by Mayuri K. Individual developer. A security vulnerability exists in Best POS Management System version 1.0, which originates from a SQL injection vulnerability via the id parameter in /kruxton/receipt.php...
SUSE CVE-2016-9776
QEMU aka Quick Emulator built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcffecreceive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading t...
Upgraded Q -> 2 from #621 [1675724705438]
Judge has assessed an item in Issue 621 as 2 risk. The relevant finding follows: L2 - mintReceipt function lacks a check to verify if the quest has already ended mintReceipt function missing check for ended quest. This could result in a scenario where a receipt is minted after the quest has ended...
Upgraded Q -> 2 from #670 [1675726386915]
Judge has assessed an item in Issue 670 as 2 risk. The relevant finding follows: L-03 DoS if address owns too many receipts With time it is viable for users to acquire thousands and tens of thousands of receipts. This may happen as a result of buying receipts for example, which was highlighted as...