66 matches found
CVE-2025-1946 hzmanyun Education and Training System exportPDF command injection
A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit ha...
CVE-2025-1676
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The attack can be launched remotely. The exploit has...
CVE-2025-1676 hzmanyun Education and Training System pdf2swf os command injection
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The attack can be launched remotely. The exploit has...
CVE-2025-1676 hzmanyun Education and Training System pdf2swf os command injection
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The attack can be launched remotely. The exploit has...
CVE-2025-1555
The CVE-2025-1555 entry affects the product hzmanyun Education and Training System 3.1.1 , specifically the vulnerable function saveImage . The issue arises from manipulating the argument file , leading to an unrestricted upload vulnerability. The impact is described as remote post-exploitation c...
CVE-2025-1555 hzmanyun Education and Training System saveImage unrestricted upload
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the publ...
Education and Training System 代码问题漏洞
Education and Training System is an education and training system by the individual developer hzmanyun. A code issue exists in Education and Training System version 3.1.1, which stems from a lack of restrictions in the upload process, resulting in arbitrary file uploads...
Nanjing Guanbao Technology Development Co., Ltd. safety education and training information system has information leakage vulnerability
Nanjing Tube Bao Technology Development Co., Ltd. is a high-tech enterprise focusing on computer hardware and software research and development, sales, service and system integration. There is an information leakage vulnerability in the security education and training information system of Nanjin...
CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
XML Entity Injection Vulnerability in Training and Exam System of Beijing Yunfan Internet Technology Co.
Beijing Yunfan Internet Technology Co., Ltd. business scope includes: technology development, technology promotion, technology transfer, technology consulting, technical services and so on. Beijing Yunfan Internet Technology Co., Ltd. training and examination system exists XML entity injection...
Unauthorized Access Vulnerability in the Frontend of Smartstone Online Training and Learning System of Shijiazhuang Lingstone Technology Co.
Smartstone Online Training and Learning System is an online learning platform that integrates both passive training and active learning modes and supports multi-level authorization management. There is an unauthorized access vulnerability in the frontend of Smartstone Online Training and Learning...
U.S. Dept Of Defense: Online training material disclosing username and password
Summary: A training document is revealing username and password details for what appears to be a DoD training system Description: Using the google dork site:.mil ext:ppt intext:password, I was able to find a number of powerpoint documents on .mil websites that include username and passwords. This...
File Upload Vulnerability in the Frontend of Online Training System of Beijing Xinqi Technology Co.
Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. A file upload vulnerability exists in the frontend of the online training system of Beijing Xinqi Technology Co., Ltd. that can be exploited by an...
Beijing Xinqi Technology Co., Ltd. online training system has an override access vulnerability in the frontend
Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. A vulnerability exists in the frontend of the online training system of Beijing Xinqi Technology Co. An attacker can exploit the vulnerability to log ...
SQL Injection Vulnerability in the Frontend of Online Training System of Beijing Xinqi Technology Co.
Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. A SQL injection vulnerability exists in the frontend of the online training system of Beijing Xinqi Technology Co. An attacker can exploit the...
Stored Cross-site Scripting Vulnerability in the Frontend of Online Training System of Beijing Xinqi Technology Co.
Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. A stored cross-site scripting vulnerability exists in the frontend of the online training system of Beijing Xinqi Technology Co. An attacker can inser...
Arbitrary File Upload Vulnerability in the Frontend of Online Training System of Beijing Xinqi Technology Co.
Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. An arbitrary file upload vulnerability exists in the frontend of the online training system of Beijing Xinqi Technology Co. The vulnerability allows a...
Days Bo online training system /Web_Org/Class_Info. aspx file couseid parameter SQL injection vulnerability
No description provided by source...
Days Bo online training system network school Edition Course_Class_List_Default. aspx the parameter cid SQL injection vulnerability
No description provided by source...
Days Bo online training system St_Son_Index. aspx, etc. 6 SQL injection vulnerability
No description provided by source...