SourceCodester Pet Grooming Management Software 授权问题漏洞

SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software has a licensing issue vulnerability. This vulnerability stems from operations on the financial reporting pag...

EUVD-2008-6971

Malware in sbrugna...

Online Fire Reporting System /reporting.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fullname in the file /reporting.php. The vulnerability c...

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

GHSA-X3WM-HFFR-CHWM Amazon JDBC Driver for Redshift SQL Injection via line comment generation

Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that...

s2n-quic potential denial of service via crafted stream frames

Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches The patch is included in v1.31.0 1. Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recen...

DRUPAL-CONTRIB-2023-027

This module enables a UI to display all libraries provided by modules and themes on the Drupal site. The module doesn't sufficiently protect the libraries reporting page. It curently is using the 'access content' permission and not a proper administrative/access permission. The...

OpenSearch has time discrepancy in authentication responses

Impact There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider IdP, and not other externally configured IdPs. Patches OpenSearch 1.3.9...

CVE-2022-27434

UNIT4 TETA Mobile Edition ME before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page...

ZOHO ManageEngine Desktop Central MSP Information Disclosure Vulnerability

ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs Managed Service Providers from ZOHO USA. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks, and provides differentiated management...

ZOHO ManageEngine Desktop Central MSP 信息泄露漏洞

ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs Managed Service Providers from ZOHO USA. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks, and provides differentiated management...

fleetmatics-usa.com XSS vulnerability

Vulnerable URL: http://www.fleetmatics-usa.com/reporting/generalprint.asp?TotalPages=1"...

PHPCMS all versions of a page cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Two versions 1, Official demo page for the url xss. 2, official the Master Station of the error reporting page,$info'errorlink'to go from the referer,change the referer to insert arbitrary code. Little harm, the vulnerability level is low. Test code: POC1:...

PHPCMS all versions of a page cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Two versions 1, Official demo page for the url xss. 2, official the Master Station of the error reporting page,$info'errorlink'to go from the referer,change the referer to insert arbitrary code. Little harm, the vulnerability level is low. Test code: POC1:...