229 matches found

Positive Technologies
added 2023/03/10 12:0 a.m. · 2 views

PT-2023-16893 · Lmxcms · Lmxcms

Name of the Vulnerable Software and Affected Versions: lmxcms version 1.41 Description: A critical issue has been found in the function update of the file AcquisiAction.class.php. The manipulation of the argument id with specific input leads to SQL injection. The attack can be launched remotely...

9.8 CVSS · 8.4 AI score · 0.00232 EPSS
Exploits 0 · References 4
CNNVD
added 2023/03/10 12:0 a.m. · 2 views

lmxcms SQL injection vulnerability

lmxcms dream cms is a website builder from China Dream Cms lmxcms company. SQL injection vulnerability exists in lmxcms version 1.41, the vulnerability stems from a security issue in the function update in the file AcquisiAction.class.php, which can lead to SQL injection via the parameter id...

9.8 CVSS · 7.1 AI score · 0.00232 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/01/15 12:0 a.m. · 2 views

PT-2023-10224 · Unknown · Tutranta Project Todolist

Name of the Vulnerable Software and Affected Versions: tutranta project todolist affected versions not specified Description: A critical issue was found in the tutrantta project todolist, affecting the getAffectedRows/where/insert/update function in the library/Database.php library. This issue...

9.8 CVSS · 6.5 AI score · 0.00297 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/11/29 9:15 p.m. · 0 views

CVE-2022-3991

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4 CVSS · 6.2 AI score · 0.00146 EPSS
Exploits 1 · References 3
OSV
added 2022/11/29 9:15 p.m. · 0 views

CVE-2022-3991

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

5.4 CVSS · 5.9 AI score · 0.00146 EPSS
Exploits 1 · References 2
CNNVD
added 2022/11/29 12:0 a.m. · 1 views

WordPress plugin Photospace Gallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Photospace Galler...

6.4 CVSS · 5.7 AI score · 0.00146 EPSS
Exploits 1 · References 3
Veracode
added 2022/11/21 3:50 p.m. · 15 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists in update function of UserController.php because the username is not properly sanitized in the admin user overview which allows an attacker to inject and execute arbitrary javascript...

5.4 CVSS · 5.7 AI score · 0.50253 EPSS
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2022/11/16 12:0 a.m. · 2 views

BACKCLICK path traversal vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

9.8 CVSS · 8.2 AI score · 0.05706 EPSS
Exploits 1 · References 4
OSV
added 2022/10/19 6:15 p.m. · 11 views

CVE-2022-43020

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tagid variable in the Tag update function...

6.5 CVSS · 8.2 AI score · 0.00279 EPSS
Exploits 2 · References 2
Prion
added 2022/10/19 6:15 p.m. · 17 views

SQL injection

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tagid variable in the Tag update function...

4 CVSS · 6.7 AI score · 0.00279 EPSS
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2022/10/19 12:0 a.m. · 8 views

CVE-2022-43020

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tagid variable in the Tag update function...

8.2 AI score · 0.00279 EPSS
Exploits 2 · References 1
Cvelist
added 2022/10/19 12:0 a.m. · 15 views

CVE-2022-43020

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tagid variable in the Tag update function...

6.9 AI score · 0.00279 EPSS
Exploits 2 · References 2
Positive Technologies
added 2022/10/06 12:0 a.m. · 8 views

PT-2022-26440 · Generex · Generex Cs141

Name of the Vulnerable Software and Affected Versions: Generex CS141 versions 2.08 through 2.10 Description: The issue allows remote command execution by administrators via a web interface that reaches run update in /usr/bin/gxserve-update.sh. This can occur, for example, via a reverse shell...

9.1 CVSS · 7.5 AI score · 0.06451 EPSS
Exploits 2 · References 8
CNNVD
added 2022/09/16 12:0 a.m. · 1 views

SAMSUNG mTower buffer error vulnerability

SAMSUNG mTower is a new Trusted Execution Environment (TEE) from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from an "incorrect length buffer access" vulnerability in the TEECipherUpdate function that could allow a trusted application ...

7.5 CVSS · 7.5 AI score · 0.004 EPSS
Exploits 0 · References 3
OSV
added 2022/08/25 3:15 p.m. · 0 views

CVE-2022-37099

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/08/03 12:0 a.m. · 2 views

PT-2022-3967 · Cisco · Cisco Small Business Rv345 +3

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers affected versions not specified Description: The issue is related to multiple vulnerabilities in the Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, which...

10 CVSS · 9.8 AI score · 0.03741 EPSS
Exploits 0 · References 7
Code423n4
added 2022/07/02 12:0 a.m. · 8 views

Attackers can call update and grief users from swapping tokens or minting/burning because those functions divide by zero

Lines of code Vulnerability details Details An attacker can specify reserve0 and reserve1 in update function and make them both zero. Every function using those variables to divide would revert, causing a DoS and causing loss of gas for users. Proof of concept Attacker has a contract that just keeps...

7 AI score
Exploits 0
Code423n4
added 2022/06/24 12:0 a.m. · 8 views

TWAV can be attacked by flash loan

Lines of code Vulnerability details Impact updateTWAV can be flash loaned. Hacker may pay the flash loan fee for 4 blocks then execute the attack after that. Proof of Concept function updateTWAVuint256 valuation, uint32 blockTimestamp internal uint32 timeElapsed; unchecked timeElapsed =...

7.1 AI score
Exploits 0
Code423n4
added 2022/06/21 12:0 a.m. · 7 views

Attacker can steal all tokens from pools

Lines of code Vulnerability details Attacker can steal all tokens from pool 2 issues 1.On deployment totalsupply is zero and reserve0 and reserve1 is zero called minting 103 to address zero And if tokens have supply in them amount0=1018 amount1=1018 liquidity= sqr1e36 - 103 =1015 which is still...

6.7 AI score
Exploits 0
NVD
added 2022/06/09 2:15 p.m. · 12 views

CVE-2022-31390

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php...

9.1 CVSS · 0.00292 EPSS
Exploits 1 · References 1