CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

CVE-2023-0534

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expensereport.php. The manipulation of the argument todate leads to sql injection. It is possible to initiate the attack...

CVE-2023-0531

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/bookingreport.php. The manipulation of the argument todate leads to sql injection. It is possible to launch the attack remotely...

Sql injection

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/bookingreport.php. The manipulation of the argument todate leads to sql injection. It is possible to launch the attack remotely...

Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in SourceCodester Online Tours & Travels Management System version 1.0, which stems from an incorrect manipulation of the parameter todate that ca...

Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in SourceCodester Online Tours & Travels Management System version 1.0, which stems from an incorrect manipulation of the parameter todate that ca...

IBM DB2 DTS To String Conversion - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11400/info IBM DB2 is reported prone to a denial of service vulnerability when DTS to string conversion is carried out. It is reported that during a DTS to string conversion a trap occurs if an empty formatting string is...

Sql injection

Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 fromdate or 2 todate parameter to spy.php...

CVE-2008-0520

Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 fromdate or 2 todate parameter to spy.php...

Wordpress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit

Exploit for unknown platform in category web applications ===================================================================== Wordpress Plugin WassUp 1.4.3 spy.php todate SQL Injection Exploit ===================================================================== getresults"SELECT id, wassupid,...

CVE-2005-4869

The 1 tochar and 2 todate function in IBM DB2 8.1 allows local users to cause a denial of service application crash via an empty string in the second parameter, which causes a null pointer dereference...

CVE-2005-4869

The 1 tochar and 2 todate function in IBM DB2 8.1 allows local users to cause a denial of service application crash via an empty string in the second parameter, which causes a null pointer dereference...

IBM DB2 DTS To String Conversion - Denial of Service

IBM DB2 DTS To String Conversion - Denial of Service source: https://www.securityfocus.com/bid/11400/info IBM DB2 is reported prone to a denial of service vulnerability when DTS to string conversion is carried out. It is reported that during a DTS to string conversion a trap occurs if an empty...