
79 matches found

RedhatCVE
added 2026/01/09 10:18 a.m., 5 views

CVE-2019-18642

Rock RMS versions before 8.6 are vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

CVSS 9.8, AI score 7, EPSS 0.00412
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 10:17 a.m., 7 views

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVSS 9.8, AI score 7.9, EPSS 0.01302
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-8360

Malware in sbrugna...

CVSS 9.8, AI score 9.1, EPSS 0.03703
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-11915

Malware in sbrugna...

CVSS 7.8, AI score 8.1, EPSS 0.00379
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-8362

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01302
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-37683

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.00243
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29133

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.00058
Exploits: 1, References: 5
Cvelist
added 2025/09/14 8:32 p.m., 7 views

CVE-2025-10409 SourceCodester Student Grading System rms.php SQL injection

A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public...

CVSS 6.5, EPSS 0.00058
Exploits: 1, References: 5
Positive Technologies
added 2025/09/14 12:0 a.m., 3 views

PT-2025-37429

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Grading System version 1.0 Description: A weakness exists in SourceCodester Student Grading System 1.0. The issue affects an unknown part of the file /rms.php?page=users. Manipulation of the fname argument can lead to S...

CVSS 8.8, AI score 6.4, EPSS 0.00058
Exploits: 1, References: 9
CNNVD
added 2025/09/14 12:0 a.m., 2 views

SourceCodester Student Grading System SQL injection vulnerability

SourceCodester Student Grading System is an open source student grading system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Student Grading System version 1.0, which stems from an incorrect manipulation of the parameter fname in the file /rms.php, which could lead t...

CVSS 8.8, AI score 6.9, EPSS 0.00058
Exploits: 1, References: 6
RedhatCVE
added 2025/05/31 9:35 a.m., 10 views

CVE-2025-4687

In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attacker's company without their knowledge. The victim's account a...

CVSS 7.2, AI score 7, EPSS 0.00236
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:52 a.m., 6 views

CVE-2023-33524

Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...

CVSS 5.3, AI score 6.4, EPSS 0.00243
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:41 p.m., 6 views

CVE-2020-1019

An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability'...

CVSS 7.8, AI score 6.9, EPSS 0.00379
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:21 a.m., 5 views

CVE-2019-18641

Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller...

CVSS 9.8, AI score 6.9, EPSS 0.03703
Exploits: 1, References: 1
NVD
added 2023/06/05 5:15 p.m., 11 views

CVE-2023-33524

Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...

CVSS 5.3, AI score 5.1, EPSS 0.00243
Exploits: 0, References: 3
ATTACKERKB
added 2023/06/05 5:15 p.m., 1 views

CVE-2023-33524

Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...

CVSS 5.3, AI score 6.1, EPSS 0.00243
Exploits: 0, References: 4
OSV
added 2023/06/05 5:15 p.m., 5 views

CVE-2023-33524

Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...

CVSS 5.3, AI score 5.8, EPSS 0.00243
Exploits: 0, References: 3
Prion
added 2023/06/05 5:15 p.m., 17 views

Directory traversal

Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...

CVSS 5, AI score 5.1, EPSS 0.00243
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/06/05 12:0 a.m., 16 views

CVE-2023-33524

Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...

AI score 5.4, EPSS 0.00243
Exploits: 0, References: 3
CVE
added 2023/06/05 12:0 a.m., 52 views

CVE-2023-33524

CVE-2023-33524 affects Advent/SSC Inc. Tamale RMS versions prior to 23.1. The issue is a directory traversal vulnerability in the web application, allowing an attacker to enumerate contact information stored within the host (usernames, e‑mail addresses, and other internal data) when accessing the...

CVSS 5.3, AI score 5.1, EPSS 0.00243
Exploits: 0, References: 3, Affected Software: 1