18 matches found
EUVD-2021-19143
Malware in sbrugna...
PT-2024-38539 · Secom · Dr.Id Access Control System
Name of the Vulnerable Software and Affected Versions: Dr.ID Access Control System from SECOM versions up to 3.6.2 Description: The issue allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents due to improper validation of a...
novel-plus SQL Injection Vulnerability
novel-plus is a multi-end PC, WAP reading and functional original literary CMS system. A SQL injection vulnerability exists in novel-plus version v3.6.2. The vulnerability stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this...
SQL injection
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability...
CVE-2023-37847
CVE-2023-37847 affects novel-plus v3.6.2 with a SQL injection vulnerability caused by insufficient validation of externally entered SQL statements. The issue enables an attacker to execute arbitrary SQL commands and potentially steal or alter sensitive database data. No remediation or patch versi...
CVE-2023-37847
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability...
CVE-2023-37847
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36672
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...
CVE-2022-36672
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...
Arbitrary file deletion
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36672
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36671
CVE-2022-36671 affects Novel-Plus v3.6.2, with an arbitrary file download vulnerability exposed via the background file download API. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates a network-based, unauthenticated issue with high impact to confidentiality and no impact on integri...
CVE-2021-32289
An issue was discovered in heif through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP located in nalutil.cpp. It allows an attacker to cause Denial of Service...
CVE-2021-32288
An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code execution...
CVE-2021-32289
An issue was discovered in heif through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP located in nalutil.cpp. It allows an attacker to cause Denial of Service...