Lucene search
+L

229 matches found

CNNVD
CNNVD
added 2024/07/28 12:0 a.m.3 views

SourceCodester School Fees Payment System SQL注入漏洞

SourceCodester School Fees Payment System is a school fees payment system. A SQL injection vulnerability exists in version 1.0 of the SourceCodester School Fees Payment System, which stems from an SQL injection vulnerability in the efid parameter of the /receipt.php file...

8.8CVSS7AI score0.00532EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/28 12:0 a.m.5 views

PT-2024-38128 · Unknown · Sourcecodester School Fees Payment System

Name of the Vulnerable Software and Affected Versions: SourceCodester School Fees Payment System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /receipt.php. The manipulation of the ef id argument leads to SQL injection. This issu...

8.8CVSS8.1AI score0.00532EPSS
Exploits1References8
OSV
OSV
added 2024/07/17 12:0 a.m.34 views

ALSA-2024:4583 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbypo...

9.8CVSS8.5AI score0.01358EPSS
Exploits1References36
Patchstack
Patchstack
added 2024/05/22 12:0 a.m.5 views

Drupal Commerce View Receipt module < 1.0.3 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Norman Kämper-Leymann in WordPress Module Commerce View Receipt versions 1.0.3...

7AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.5 views

PT-2024-10362 · Drupal · Drupal Commerce View Receipt +1

Name of the Vulnerable Software and Affected Versions: Drupal Commerce View Receipt versions 0.0.0 through 1.0.2 Description: The issue is related to insufficient authorization procedures in the Commerce View Receipt module of the Drupal CMS system. This can allow a remote attacker to bypass...

5.3CVSS7.5AI score0.00279EPSS
Exploits0References5
OSV
OSV
added 2024/03/16 6:15 p.m.3 views

CVE-2024-2525

A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack...

6.1CVSS4AI score0.0045EPSS
Exploits0References3
OSV
OSV
added 2024/03/16 6:15 p.m.6 views

CVE-2024-2524

A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument roomid leads to sql injection. The attack may be initiated...

8.8CVSS5.7AI score0.00514EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/16 12:0 a.m.4 views

Online-College-Event-Hall-Reservation-System SQL Injection Vulnerability

Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by Magesh K individual developer. Designed to automate the hall booking process to eliminate manual logging and increase efficiency. Online-College-Event-Hall-Reservation-System suffers from a SQL...

8.8CVSS7.9AI score0.00514EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/16 12:0 a.m.5 views

Online-College-Event-Hall-Reservation-System Cross-Site Scripting Vulnerability

Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by Magesh K individual developer. Designed to automate the hall booking process to eliminate manual logging and increase efficiency. Online-College-Event-Hall-Reservation-System suffers from a cross-si...

6.1CVSS6.1AI score0.0045EPSS
Exploits0References4
OSV
OSV
added 2024/01/04 3:15 p.m.2 views

CVE-2023-50863

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00672EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.4 views

Travel Website SQL Injection Vulnerability

Travel Website is a PHP-based travel website. A SQL injection vulnerability exists in Travel Website v1.0, which occurs when the hotelIDHidden parameter on the generateReceipt.php page is processed without filtering the data and sent to the database for processing...

9.8CVSS7.9AI score0.00672EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2023/09/26 8:49 p.m.63 views

CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

4.3CVSS5.5AI score0.0065EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.14 views

PT-2023-28352 · Synapse +2 · Synapse +2

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0 Description: The issue allows users to forge read receipts for any event if they know the room ID and event ID. Although users cannot view the events, they can mark them as read, potentially causing confusion ...

8.8CVSS6AI score0.99735EPSS
Exploits9References41
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.4 views

Nevado JMS 安全漏洞

Nevado JMS is a Skyscreamer open source JMS driver for the Queue and Notification Service SQS/SNS for AmazonWeb Services. A security vulnerability exists in Nevado JMS version v1.3.2, which stems from a lack of security checks when receiving messages, and can be exploited by an attacker to execut...

7.8CVSS7.7AI score0.00317EPSS
Exploits1References5
OSV
OSV
added 2023/03/09 9:15 p.m.4 views

CVE-2023-27202

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php...

9.8CVSS7.3AI score0.00788EPSS
Exploits1References2
NVD
NVD
added 2023/03/09 9:15 p.m.20 views

CVE-2023-27202

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php...

9.8CVSS9.8AI score0.00788EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/03/09 12:0 a.m.5 views

Best POS Management System SQL注入漏洞

Best pos management system is a best pos management system by Mayuri K. Individual developer. A security vulnerability exists in Best POS Management System version 1.0, which originates from a SQL injection vulnerability via the id parameter in /kruxton/receipt.php...

9.8CVSS8.7AI score0.00788EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.5 views

SUSE CVE-2016-9776

QEMU aka Quick Emulator built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcffecreceive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading t...

3CVSS9.2AI score0.0042EPSS
Exploits0References17
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.14 views

Upgraded Q -> 2 from #621 [1675724705438]

Judge has assessed an item in Issue 621 as 2 risk. The relevant finding follows: L2 - mintReceipt function lacks a check to verify if the quest has already ended mintReceipt function missing check for ended quest. This could result in a scenario where a receipt is minted after the quest has ended...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.7 views

Upgraded Q -> 2 from #670 [1675726386915]

Judge has assessed an item in Issue 670 as 2 risk. The relevant finding follows: L-03 DoS if address owns too many receipts With time it is viable for users to acquire thousands and tens of thousands of receipts. This may happen as a result of buying receipts for example, which was highlighted as...

6.6AI score
Exploits0
Rows per page
Query Builder