142 matches found
TRENDnet TEW-755AP 缓冲区错误漏洞
The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a buffer overflow vulnerability that stems from a lack of size checking of input data in the usereditpage parameter of the wificaptiveportal function, which can be exploited by an attacker to execute arbitrary...
CVE-2022-41767
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user using reassignEdits.php, the changes will still be attributed to the IP address on Special:Contributions when doing a range...
PT-2022-26352 · Unknown · Sourcecodester Book Store Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Book Store Management System version 1.0 Description: A problematic vulnerability has been found in the SourceCodester Book Store Management System. This issue affects an unknown part of the file /bsms ci/index.php/user/edit...
Yunjing Digital Technology YJCMS安全漏洞
Yunjing Digital Technology YJCMS is a content management system from Yunjing Digital Technology China. A security vulnerability exists in Yunjing Digital Technology YJCMS v1.0.9, which originates from a security issue in the /index/user/useredit.html component, and can be exploited by an attacker...
PT-2022-27455 · Yjcms · Yjcms
Name of the Vulnerable Software and Affected Versions: YJCMS version 1.0.9 Description: An issue in the "/index/user/user edit.html" component allows unauthenticated attackers to obtain the Administrator account password. Recommendations: For YJCMS version 1.0.9, consider restricting access to th...
Online Pet Shop We App 代码问题漏洞
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in Online Pet Shop We App v1.0, which originates from an arbitrary file upload vulnerability via the edit function in the user module. The vulnerability can be...
School Activity Updates with SMS Notification v1.0 SQL注入漏洞
School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is an activity in the school. A security vulnerability exists in School Activity...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-32010
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...
CVE-2022-32010
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...
Sql injection
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...
CVE-2022-31338
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=...
CVE-2022-31338
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=...
CVE-2022-27163
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminUserseditUser...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description Stored XSS is found in SettingsLive help configurationDepartments-Departments groups-edit When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname , the payload gets executed. Proof of...
Usoc SQL注入漏洞
Usoc is a useful and simple open source Cms from the individual developer Aaron Junker in Switzerland. A security vulnerability exists in Usoc, which stems from the fact that versions prior to Pb2.4Bfx3 only allow users with administrative privileges to perform Sql injection in usersearch.php...
CVE-2021-39347
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...
WordPress 插件 Stripe for WooCommerce 安全漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Stripe for WooCommerce, which stems from a...
CVE-2020-20466
White Shark System WSS 1.3.2 is vulnerable to unauthorized access via usereditpassword.php, remote attackers can modify the password of any user...
White Shark System 跨站请求伪造漏洞
White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A cross-site request forgery vulnerability exists in...