10 matches found
CVE-2026-9524
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to SQL injection. The attack can be launched remotely. The vendor was contacted early...
EUVD-2026-31783
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to SQL injection. The attack can be launched remotely. The vendor was contacted early...
EasyReport SQL Injection Vulnerability
EasyReport is a simple and easy-to-use web reporting tool developed by TomDeng. Versions of EasyReport 2.0.17.0522Beta and earlier have a SQL injection vulnerability. This vulnerability stems from improper handling of the reportParams parameter in the execute function of the REST Endpoint...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
CVE-2023-32306 Time Tracker has Blind SQL Injection Vulnerability in Reports
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not...
The first stage of the WER protocol is not SSL encrypted in Windows
Symptoms: Microsoft uses Windows Error Reporting (WER) to transmit troubleshooting information and updates for specific problems in Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008. For example, WER sends...
CVE-2014-1652
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters...
CVE-2005-0287
Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values...