31 matches found

Positive Technologies
added 2025/02/25 12:0 a.m. · 2 views

PT-2025-7806 · Benner · Benner Modernanet

Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions up to 1.1.0 Description: A vulnerability was found in the processing of the file /DadosPessoais/SG AlterarSenha, leading to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.1....

CVSS 8.8 · AI score 4.9 · EPSS 0.001
Exploits 1 · References 8

Cvelist
added 2024/07/22 12:0 a.m. · 27 views

CVE-2024-6963 Tenda O3 formexeCommand stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVSS 9 · EPSS 0.00779
Exploits 1 · References 4

NVD
added 2024/05/27 12:15 a.m. · 8 views

CVE-2024-5385

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input confirm document.cookie leads t...

CVSS 5.1 · AI score 3.4 · EPSS 0.0006
Exploits 0 · References 3

CVE
added 2024/05/07 12:31 p.m. · 72 views

CVE-2024-4587

CVE-2024-4587 affects DedeCMS 5.7, with CSRF in /src/dede/tpl.php. The vulnerability can be triggered remotely; exploitation has been disclosed publicly. Documents do not specify a patch or official remediation. A PT Security advisory suggests restricting access to the affected file as a temporar...

CVSS 5 · AI score 6.5 · EPSS 0.00079
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/04/26 6:15 p.m. · 10 views

CVE-2024-4235

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

CVSS 4.9 · AI score 3.7 · EPSS 0.00099
Exploits 1 · References 4

Positive Technologies
added 2024/04/01 12:0 a.m. · 2 views

PT-2024-24026 · Francoisjacquet · Rosariosis

Name of the Vulnerable Software and Affected Versions: francoisjacquet RosarioSIS version 11.5.1 Description: A disputed issue affects the Add Portal Note component, leading to cross-site scripting. The attack can be initiated remotely. The vendor notes that the PDF is opened by the browser app i...

CVSS 4 · AI score 6.8 · EPSS 0.00165
Exploits 0 · References 9

Prion
added 2024/03/07 10:15 p.m. · 15 views

Design/Logic Flaw

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument productprice leads to business logic errors. The attack may be initiated remotely. The exploit ha...

CVSS 4 · AI score 7.2 · EPSS 0.00149
Exploits 0 · References 3

Prion
added 2024/01/13 9:15 p.m. · 12 views

Cross site scripting

A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file addreserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input...

CVSS 4 · AI score 6.5 · EPSS 0.00059
Exploits 1 · References 3 · Affected Software 1

Prion
added 2023/12/25 2:15 a.m. · 15 views

Path traversal

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...

CVSS 2.1 · AI score 7.2 · EPSS 0.00142
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/12/21 6:15 p.m. · 17 views

Cross site request forgery (csrf)

A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may...

CVSS 5 · AI score 6.8 · EPSS 0.00141
Exploits 1 · References 3 · Affected Software 1

Prion
added 2023/11/02 11:15 a.m. · 11 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...

CVSS 3.3 · AI score 6 · EPSS 0.00095
Exploits 0 · References 6 · Affected Software 1

WPVulnDB
added 2023/10/17 12:0 a.m. · 12 views

Recip.ly < 1.1.8 - Unauthenticated File Upload

Description A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely...

CVSS 9.8 · AI score 9.5 · EPSS 0.00181
Exploits 0 · Affected Software 1

Prion
added 2023/10/15 12:15 a.m. · 11 views

Cross site scripting

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "confirm document.cookie...

CVSS 3.3 · AI score 6.1 · EPSS 0.00045
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/09/09 11:15 p.m. · 13 views

Cross site request forgery (csrf)

A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 5 · AI score 8.6 · EPSS 0.00101
Exploits 1 · References 3 · Affected Software 1

NVD
added 2023/08/16 8:15 p.m. · 9 views

CVE-2023-4384

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of ...

CVSS 5.9 · AI score 4.8 · EPSS 0.0005
Exploits 1 · References 3

Prion
added 2023/07/10 4:15 p.m. · 12 views

Cross site scripting

A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this...

CVSS 4 · AI score 6.2 · EPSS 0.00276
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/06/14 8:0 a.m. · 37 views

CVE-2023-3238

OTCMS up to 6.62 contains a server-side request forgery (SSRF) vulnerability in the /admin/read.php?mudi=getSignal endpoint. The manipulation of the signalUrl parameter allows remote exploitation, as described in CVE-2023-3238 and corroborated by multiple sources. Impact is described as critical ...

CVSS 9.8 · AI score 8.1 · EPSS 0.00087
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/04/07 10:0 p.m. · 8 views

CVE-2023-1946 SourceCodester Survey Application System Add New cross site scripting

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

CVSS 3.3 · AI score 6.2 · EPSS 0.00208
Exploits 0 · References 2

Positive Technologies
added 2023/02/06 12:0 a.m. · 2 views

PT-2023-11828 · Unknown · Paxswill Eve Ship Replacement Program

Name of the Vulnerable Software and Affected Versions: paxswill EVE Ship Replacement Program version 0.12.11 Description: A vulnerability was found in the paxswill EVE Ship Replacement Program, affecting the User Information Handler component. This issue leads to information disclosure and can be...

CVSS 5.3 · AI score 4.8 · EPSS 0.0024
Exploits 0 · References 12

Prion
added 2023/01/05 9:15 a.m. · 16 views

Cross site scripting

A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named...

CVSS 5.8 · AI score 6.1 · EPSS 0.00246
Exploits 0 · References 4 · Affected Software 1