61 matches found
CVE-2025-3555 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The...
CVE-2025-3205
CVE-2025-3205 affects CodeAstro Student Grading System 1.0. The vulnerability is in the studentsubject.php file, where manipulating the studentId parameter leads to SQL injection. Exploitation can be performed remotely via a network attack, and the exploit has been publicly disclosed. There is no...
CVE-2025-3177
Concerning CVE-2025-3177, multiple connected sources confirm a vulnerability in FastCMS 0.1.5 affecting the JWT Handler component, specifically the use of a hard-coded cryptographic key. Access is remote, attack complexity is high, and no privileges are required. The Public disclosure status is n...
CVE-2025-2990 Tenda FH1202 Web Management Interface AdvSetWrlGstset access control
A vulnerability was found in Tenda FH1202 1.2.0.14408. It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely...
CVE-2025-2682 PHPGurukul Bank Locker Management System edit-subadmin.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-2386 PHPGurukul Local Services Search Engine Management System serviceman-search.php sql injection
A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location leads to sql injection. The attack may be initiated...
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2084
CVE-2025-2084 concerns a cross-site scripting vulnerability in PHPGurukul’s Human Metapneumovirus Testing Management System 1.0. The affected component is the Search Report Page’s file /search-report.php, where an unknown function is manipulated to trigger XSS. The vulnerability is exploitable re...
Linux Distros Unpatched Vulnerability : CVE-2013-0339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or...
Linux Distros Unpatched Vulnerability : CVE-2016-4538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considerin...
Linux Distros Unpatched Vulnerability : CVE-2016-2554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of servi...
CVE-2025-1380 Codezips Gym Management System del_plan.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/delplan.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2025-25526
Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...
CVE-2025-0967
CVE-2025-0967 affects Code-Projects Chat System 1.0. The vulnerability is a SQL injection in the file /user/add_chatroom.php, caused by unsafely handling the chatname/chatpass parameters. The issue is exploitable remotely and could allow an attacker to manipulate SQL statements, potentially expos...
CVE-2024-13140
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=uploadcover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launc...
ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...
CVE-2010-4727
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...
CVE-2010-4722
Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors...
PT-2007-4751 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Excel version 2003 SP2 Description: The issue is related to an unspecified vulnerability in Microsoft Excel, potentially connected to the sheet name. It may allow remote attackers to have an unknown impact via unspecified vectors...
CVE-2001-0911
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it...