134 matches found
PT-2022-18025 · Sourcecodester · Sourcecodester Garage Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Garage Management System (affected versions not specified). Description: A critical issue has been found in the SourceCodester Garage Management System, allowing for SQL injection through the manipulation of the userName/uemail...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CSZ CMS SQL Injection Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS version 1.2.2 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in cszcmsadminUserseditUser, and can be used by attackers to execute illegal SQL commands to obtain...
CVE-2021-44114
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to perform arbitrary remote code execution via the create user function...
CVE-2020-19682
A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the saveuser function in save.php...
Command injection
An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...
CVE-2021-39509
An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...
D-Link DIR-816 A2 Security Vulnerability
The D-Link DIR-816 A2 is a wireless router from Taiwan, China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816A2, which stems from an issue discovered via the HTTP request parameter in the handler function of the /goform/form2userconfig.cgi route, where a username string can...
Chamilo LMS Cross-Site Request Forgery Vulnerability (CNVD-2021-33522)
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...
Design/Logic Flaw
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker...
PT-2020-13356 · Aerospike · Aerospike Community Edition
Name of the Vulnerable Software and Affected Versions: Aerospike Community Edition version 4.9.0.5. Description: The issue allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Although it attempts to restrict code executio...
Cross site scripting
A stored XSS vulnerability was found in the super user function of quay-2. Attackers are able to use the name field of a service key to inject scripts, which run when admin users try to change the name...
CVE-2019-3865
CVE-2019-3865 involves quay-2 with a stored XSS in the super user function. The issue allows injection of scripts via the name field of a service key, which can execute when admin users try to change the name. Documents consistently describe the vulnerability mechanism but do not provide a confir...
CVE-2019-7550
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued...
CVE-2019-7544
An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field...
Cross site scripting
An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field...