Lucene search
K

114 matches found

CNNVD
CNNVD
added 2022/05/11 12:0 a.m.5 views

Bus Pass Management System 安全漏洞

Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...

6.5CVSS6.6AI score0.01265EPSS
Exploits1References4
OSV
OSV
added 2021/10/27 5:15 p.m.6 views

CVE-2021-37806

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEPN function payload that will sleep for a number of seconds used on the 1 editid , 2...

5.9CVSS5.9AI score0.01781EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/10/27 12:0 a.m.5 views

PT-2021-21876 · Unknown · Vehicle Parking Management System

Name of the Vulnerable Software and Affected Versions: Vehicle Parking Management System version 1.0 Description: A time-based SQL injection vulnerability exists in the Vehicle Parking Management System, affecting multiple endpoints. The vulnerability is exploited using the SLEEPN function payloa...

5.9CVSS7.8AI score0.01781EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2020/08/06 12:0 a.m.154 views

Curfew e-Pass Management System 1.0 SQL Injection

Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 04.08.2020 Exploit Author: Mucahit Karadag Vendor Homepage: https://products.phpgurukul.com/product/curfew-e-pass-management-system-project-report/ Software Link:...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/08/06 12:0 a.m.222 views

Curfew e-Pass Management System 1.0 SQL Injection Vulnerability

Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau. Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit...

0.4AI score
Exploits0
OSV
OSV
added 2017/11/05 5:29 p.m.4 views

CVE-2017-16543

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter...

9.8CVSS5.8AI score0.05558EPSS
Exploits3References3
Cvelist
Cvelist
added 2017/11/05 5:0 p.m.32 views

CVE-2017-16543

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter...

9.9AI score0.05558EPSS
Exploits3References3
NVD
NVD
added 2014/08/12 8:55 p.m.17 views

CVE-2014-5201

SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...

7.5CVSS8.4AI score0.04594EPSS
Exploits1References3
Prion
Prion
added 2014/08/12 8:55 p.m.16 views

Sql injection

SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...

7.5CVSS9.1AI score0.04594EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/08/12 8:0 p.m.30 views

CVE-2014-5201

SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...

8.4AI score0.04594EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2014/07/18 12:0 a.m.24 views

WordPress Plugin Gallery Objects 0.4 - SQL Injection

Exploit Title : Wordpress Gallery Objects 0.4 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://galleryobjects.com/ Software Link : http://downloads.wordpress.org/plugin/gallery-objects.0.4.zip Dork Google: inurl:/admin-ajax.php?action=goviewobject Date : 2014-07-18 Tested o...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/02/06 12:0 a.m.24 views

LogAnalyzer userchange.php 'viewid' Parameter XSS

The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'viewid' parameter of the 'userchange.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...

5.7AI score
Exploits0References1
NVD
NVD
added 2012/02/14 12:55 a.m.20 views

CVE-2012-1063

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the 1 viewId parameter to fault/AlarmView.do or 2 period parameter to showHistoryData.do...

7.5CVSS8.5AI score0.01294EPSS
Exploits1References4
Prion
Prion
added 2006/01/07 12:3 a.m.9 views

Sql injection

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it...

7.5CVSS8.4AI score0.0133EPSS
Exploits2References4
Rows per page
Query Builder