SQL Injection
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the address parameter in the address-search.inc.php process. An authenticated attacker can extract...
RosarioSIS cross-site scripting vulnerability (CNVD-2020-42951)
RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Search.inc.php script. A remote attacker can exploit the vulnerability by using the...
CVE-2020-15717
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL...
CVE-2020-15717
RosarioSIS 6.7.2 is vulnerable to a client-side cross-site scripting (XSS) flaw caused by improper validation of user-supplied input in the Search.inc.php script. An attacker can exploit this by crafting a URL with the advanced parameter to execute script code in the victim’s browser within the s...
Coppermine 1.5.18 Cross Site Scripting / Path Disclosure
waraxe-2012-SA081 - Multiple Vulnerabilities in Coppermine 1.5.18. Author: Janek Vind "waraxe"; Date: 29. March 2012; Location: Estonia, Tartu; Web: http://www.waraxe.us/advisory-81.html; Affected Software: Coppermine is a...
Unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities
Author: girex; Homepage: girex.altervista.org; Date: 31/05/2009; CMS: Unclassified NewsBoard 1.6.4 and maybe lower; Dork: "This board is powered by the Unclassified NewsBoard software, 1.6.4". Multiple remote vulnerabilities: 1. Remote SQL Injection, php.ini regardless; 2. Logs File Disclosure, registerglobals =...
CVE-2006-3827
The CVE-2006-3827 entry affects Kailash Nadh’s boastMachine (formerly bMachine) up to v3.1. The issue is an SQL injection in bmc/Inc/core/admin/search.inc.php, exploitable by remote authenticated administrators via the blog parameter. This is caused by unsanitized input being used in SQL queries,...