
247 matches found

Vulnrichment
added 2023/06/14 7:31 a.m. · 12 views

CVE-2023-3237 OTCMS hard-coded password

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

6.3 CVSS · 6.9 AI score · 0.00089 EPSS
Exploits: 1 · References: 3
Cvelist
added 2023/06/14 7:31 a.m. · 9 views

CVE-2023-3237 OTCMS hard-coded password

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

6.3 CVSS · 9.7 AI score · 0.00089 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/06/06 12:0 a.m. · 2 views

Dahua Smart Parking Management code issue vulnerability

Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue vulnerability exists in Dahua Smart Parking Management 20230528 and prior versions, which stems from an issue with unknown code in the file /ipms/imageConvert/image, where manipulation of the parameter fileUrl ca...

4.6 CVSS · 5 AI score · 0.00042 EPSS
Exploits: 1 · References: 4
OSV
added 2023/06/02 1:15 p.m. · 1 view

CVE-2023-3058

A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi...

5.4 CVSS · 3.7 AI score · 0.00353 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/06/02 12:0 a.m. · 1 view

YFCMF security vulnerability

YFCMF is a software application. It provides a lightweight enterprise website management system. A security vulnerability exists in YFCMF before 3.0.4, which stems from unknown code in index.php that causes path traversal...

9.8 CVSS · 5.8 AI score · 0.0016 EPSS
Exploits: 1 · References: 4
CNNVD
added 2023/06/01 12:0 a.m. · 1 view

Guangdong Pythagorean OA Office System cross-site request forgery vulnerability

Guangdong Pythagorean OA Office System (Gougu OA) is a practical open source enterprise office system from Gouguopen, China. A cross-site request forgery vulnerability exists in Guangdong Pythagorean OA Office System versions prior to 4.50.31. The vulnerability stems from the...

8.8 CVSS · 5.6 AI score · 0.00229 EPSS
Exploits: 1 · References: 4
OSV
added 2023/05/17 8:15 p.m. · 0 views

CVE-2023-2776

A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability...

9.8 CVSS · 6.3 AI score
Exploits: 0 · References: 3
OSV
added 2023/05/11 3:15 p.m. · 0 views

CVE-2023-2660

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file viewcategories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit ha...

6.3 CVSS · 6.6 AI score
Exploits: 0 · References: 3
OSV
added 2023/04/22 5:15 p.m. · 3 views

CVE-2023-2245

A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed t...

6.3 CVSS · 6.3 AI score
Exploits: 0 · References: 3
OSV
added 2023/04/05 9:15 a.m. · 2 views

CVE-2023-1860

A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"alert%27c4ng4c3ir0%27 leads to cross site scripting. The attack can be...

6.1 CVSS · 3.7 AI score · 0.00185 EPSS
Exploits: 0 · References: 2
NVD
added 2023/03/29 10:15 a.m. · 8 views

CVE-2023-1689

A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=saveearning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...

6.1 CVSS · 4.6 AI score · 0.00195 EPSS
Exploits: 0 · References: 2
Prion
added 2023/03/22 1:15 p.m. · 9 views

Cross site scripting

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

1.4 CVSS · 5.3 AI score · 0.00371 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2023/03/12 8:15 a.m. · 0 views

CVE-2023-1359

A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument UNAME leads ...

4.8 CVSS · 3.6 AI score
Exploits: 0 · References: 3
OSV
added 2023/02/23 4:15 p.m. · 1 view

CVE-2023-0987

A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed...

5.4 CVSS · 3.8 AI score
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 3:30 a.m. · 2 views

SUSE CVE-2022-4885

A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The...

5.9 CVSS · 5.4 AI score · 0.00353 EPSS
Exploits: 0 · References: 3
Cvelist
added 2023/01/16 5:58 p.m. · 11 views

CVE-2014-125080 frontaccounting faplanet path traversal

A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue...

5.5 CVSS · 9.6 AI score · 0.00534 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/01/16 12:0 a.m. · 2 views

PT-2023-10150 · Unknown · Frontaccounting

Name of the Vulnerable Software and Affected Versions: frontaccounting faplanet (affected versions not specified). Description: A critical vulnerability has been found in frontaccounting faplanet, affecting unknown code and leading to path traversal. Recommendations: At the moment, there is no...

9.8 CVSS · 7.1 AI score · 0.00534 EPSS
Exploits: 0 · References: 7
CNNVD
added 2023/01/15 12:0 a.m. · 1 view

sqldump SQL injection vulnerability

sqldump is a Gopher Gala open source widget for database management. A SQL injection vulnerability exists in sqldump; it stems from unknown code, and the manipulation leads to SQL injection...

9.8 CVSS · 6.6 AI score · 0.00297 EPSS
Exploits: 0 · References: 4
NVD
added 2023/01/09 9:15 p.m. · 10 views

CVE-2015-10034

A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue...

9.8 CVSS · 6.9 AI score · 0.00566 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/01/09 12:0 a.m. · 3 views

workout-organizer SQL injection vulnerability

workout-organizer is an application by individual developer Jakub Nowak. A SQL injection vulnerability exists in workout-organizer; it originates from unknown code and leads to SQL injection...

9.8 CVSS · 6.7 AI score · 0.00566 EPSS
Exploits: 0 · References: 4