Lucene search
K

142 matches found

CNNVD
CNNVD
added 2022/12/30 12:0 a.m.5 views

TRENDnet TEW-755AP 缓冲区错误漏洞

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a buffer overflow vulnerability that stems from a lack of size checking of input data in the usereditpage parameter of the wificaptiveportal function, which can be exploited by an attacker to execute arbitrary...

9.8CVSS8.1AI score0.00873EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/26 12:0 a.m.6 views

CVE-2022-41767

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user using reassignEdits.php, the changes will still be attributed to the IP address on Special:Contributions when doing a range...

6.6AI score0.00641EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/30 12:0 a.m.3 views

PT-2022-26352 · Unknown · Sourcecodester Book Store Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Book Store Management System version 1.0 Description: A problematic vulnerability has been found in the SourceCodester Book Store Management System. This issue affects an unknown part of the file /bsms ci/index.php/user/edit...

7.5CVSS5.4AI score0.01211EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.2 views

Yunjing Digital Technology YJCMS安全漏洞

Yunjing Digital Technology YJCMS is a content management system from Yunjing Digital Technology China. A security vulnerability exists in Yunjing Digital Technology YJCMS v1.0.9, which originates from a security issue in the /index/user/useredit.html component, and can be exploited by an attacker...

9.8CVSS8.2AI score0.00829EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.5 views

PT-2022-27455 · Yjcms · Yjcms

Name of the Vulnerable Software and Affected Versions: YJCMS version 1.0.9 Description: An issue in the "/index/user/user edit.html" component allows unauthenticated attackers to obtain the Administrator account password. Recommendations: For YJCMS version 1.0.9, consider restricting access to th...

9.8CVSS9.2AI score0.00829EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/10/27 12:0 a.m.3 views

Online Pet Shop We App 代码问题漏洞

Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in Online Pet Shop We App v1.0, which originates from an arbitrary file upload vulnerability via the edit function in the user module. The vulnerability can be...

7.2CVSS7.7AI score0.01056EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/08 12:0 a.m.8 views

School Activity Updates with SMS Notification v1.0 SQL注入漏洞

School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is an activity in the school. A security vulnerability exists in School Activity...

7.2CVSS7.2AI score0.00734EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/15 12:0 a.m.3 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

8.8CVSS5.8AI score0.00555EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/02 4:15 p.m.3 views

CVE-2022-32010

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...

7.2CVSS7.2AI score0.00946EPSS
Exploits1References2
OSV
OSV
added 2022/06/02 4:15 p.m.5 views

CVE-2022-32010

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...

7.2CVSS7.1AI score0.00946EPSS
Exploits1References1
Prion
Prion
added 2022/06/02 4:15 p.m.18 views

Sql injection

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...

6.5CVSS7.4AI score0.00946EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.3 views

CVE-2022-31338

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=...

9.8CVSS7.4AI score0.01067EPSS
Exploits1References2
OSV
OSV
added 2022/06/02 2:15 p.m.2 views

CVE-2022-31338

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=...

9.8CVSS5.8AI score0.01067EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/12 4:15 p.m.2 views

CVE-2022-27163

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminUserseditUser...

9.8CVSS6AI score0.01138EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/27 2:45 a.m.12 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationDepartments-Departments groups-edit When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname , the payload gets executed. Proof of...

3.5CVSS0.00634EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.5 views

Usoc SQL注入漏洞

Usoc is a useful and simple open source Cms from the individual developer Aaron Junker in Switzerland. A security vulnerability exists in Usoc, which stems from the fact that versions prior to Pb2.4Bfx3 only allow users with administrative privileges to perform Sql injection in usersearch.php...

7.2CVSS7.1AI score0.01193EPSS
Exploits0References4
OSV
OSV
added 2021/10/04 6:15 p.m.2 views

CVE-2021-39347

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...

4.3CVSS5.6AI score0.00648EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.3 views

WordPress 插件 Stripe for WooCommerce 安全漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Stripe for WooCommerce, which stems from a...

4.3CVSS5.5AI score0.00648EPSS
Exploits0References4
OSV
OSV
added 2021/06/21 4:15 a.m.7 views

CVE-2020-20466

White Shark System WSS 1.3.2 is vulnerable to unauthorized access via usereditpassword.php, remote attackers can modify the password of any user...

9.8CVSS5.8AI score0.01803EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.5 views

White Shark System 跨站请求伪造漏洞

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A cross-site request forgery vulnerability exists in...

6.5CVSS5.5AI score0.00501EPSS
Exploits1References2
Rows per page
Query Builder