51 matches found
EUVD-2023-31070
Malicious code in bioql PyPI...
CVE-2013-10070 PHP-Charts v1.0 PHP Code Execution
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution...
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters...
CVE-2022-20926
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
CVE-2024-13532
CVE-2024-13532 affects the Small Package Quotes – Purolator Edition WordPress plugin (versions
CVE-2024-3217
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attributevalue' and 'attributeid' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-11710
CVE-2024-11710 affects WordPress plugin WP Job Portal – A Complete Recruitment System for Company or Job Board website, vulnerable to SQL Injection via fieldfor, visibleParent and id parameters in all versions up to 2.2.2 due to insufficient escaping and poor query preparation. The vulnerability ...
CVE-2024-20532 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...
CVE-2024-20527 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...
WordPress Plugin Super Testimonials Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Leaflet Map Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Zoho ManageEngine ApplicationManager Command Injection (CVE-2018-7890)
A command injection vulnerability exists in Zoho ManageEngine ApplicationManager. The vulnerability is due to improper validation of the user supplied parameters. A remote attacker can exploit this vulnerability by sending crafted parameters to the target system...
Input validation
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
CVE-2022-20925
Summary (CVE-2022-20925): The Cisco Firepower Management Center (FMC) web management interface is affected by an API input validation vulnerability. An authenticated attacker with Device-permission credentials could exploit crafted input to API endpoints to execute arbitrary OS commands with low...
CVE-2021-41162 Cross-site Scripting in Combodo iTop
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizardhelper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known...
PT-2022-11368 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 3.0.0-beta6. Description: The issue affects Combodo iTop, a web-based IT Service Management tool. In the affected versions, the export CSV page does not properly escape user-supplied parameters, allowing for...
Cisco Webex Meetings Input Validation Error Vulnerability
An input validation error vulnerability exists in Cisco Webex Meetings, a video conferencing solution from Cisco, which stems from insufficient validation of user-supplied parameters in the product. An attacker could send an activation email to an increasingly account through this vulnerability...