24 matches found
EUVD-2024-39585
Malicious code in bioql PyPI...
EUVD-2024-50798
Malicious code in bioql PyPI...
CVE-2024-42380
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting this vulnerability. There is low impact on confidentiality of the application...
CVE-2024-12353
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking...
CVE-2025-26348
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...
PT-2025-7137 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as SQL Injection. This occurs in the maxprofile/menu/model.lua file, specifically a...
Q-Free MAXTIME Suite SQL injection vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A SQL injection vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the editUserGroupMenu endpoint in maxprofile/menu/model.lua that does not properly handle user...
CVE-2024-12354 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. T...
CVE-2024-12353 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking...
SourceCodester Phone Contact Manager System security vulnerability
SourceCodester Phone Contact Manager System is an open source phone contact management system from SourceCodester. A security vulnerability exists in SourceCodester Phone Contact Manager System version 1.0, which is caused by a buffer overflow issue in the UserInterface::MenuDisplayStart function...
PT-2024-17562 · Sourcecodester · Sourcecodester Phone Contact Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester Phone Contact Manager System version 1.0 Description: The issue is related to insufficient input validation, which can allow an attacker to execute arbitrary code. It affects the function UserInterface::MenuDisplayStart of the...
CVE-2024-42380
CVE-2024-42380 concerns SAP NetWeaver AS ABAP/ABAP Platform where an RFC-enabled function module allows a low-privileged user to read other users’ workplace favourites, user menus, and related node data, enabling username enumeration. The impact is described as low confidentiality risk to the app...
PT-2024-29908 · Sap · Sap Systems
Name of the Vulnerable Software and Affected Versions: SAP Systems affected versions not specified Description: The RFC enabled function module in SAP Systems allows a low-privileged user to read any user's workplace favorites and user menu, along with specific data of each node. This issue enabl...
phpIPAM cross-site scripting vulnerability (CNVD-2018-09472)
phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in the app/sections/user-menu.php file in versions prior to phpIPAM 1.3.1. A remote attacker can exploit this vulnerability to inject arbitrary code or denial of...
CVE-2017-15640
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter...