CVE-2024-27716

Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields...

CVE-2024-27709

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component...

CVE-2024-27716

Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields...

CVE-2024-27709

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component...

CVE-2024-27716

Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields...

CVE-2024-27716

Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields...

CVE-2024-27709

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component...

CVE-2024-27709

SQL Injection in Eskooly Web Product v.3.0 is documented across multiple sources (CVE-2024-27709). The vulnerability affects the web application’s components, notably allstudents.php (searchby parameter) and requestmanager.php (id parameter), allowing a remote attacker to execute arbitrary code. ...

PT-2024-22000 · Unknown · Eskooly Web Product

Name of the Vulnerable Software and Affected Versions: Eskooly Web Product version 3.0 Description: The issue allows a remote attacker to execute arbitrary code via the searchby parameter of the "allstudents.php" component and the id parameter of the "requestmanager.php" component. This enables t...

CVE-2024-27709

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component...

PT-2024-22007 · Unknown · Eskooly Web Product

Name of the Vulnerable Software and Affected Versions: Eskooly Web Product versions 3.0 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the message sending and user input fields. This is a Cross Site Scripting vulnerability. Recommendations: For Eskooly W...

CVE-2024-27716

Eskooly Web Product (versions 3.0 and earlier) has a Cross Site Scripting (XSS) vulnerability that can allow a remote attacker to execute arbitrary code via message sending and user input fields. Root cause is XSS in the web product; impact includes arbitrary code execution. Remediation guidance ...

Design/Logic Flaw

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server...

IBM Rational Focal Point Cross-Site Scripting Vulnerability (CNVD-2015-01906)

IBM Rational Focal Point is a Web-based product management system for IBM Rational with a built-in customer- and market-oriented product management process that provides workflow automation, information relevance analysis, statistical analysis of information, and prioritization analysis of...

NCT Jobs Portal Script XSS and Authentication bypass

Exploit for php platform in category web applications ==================================================== NCT Jobs Portal Script XSS and Authentication bypass ==================================================== Exploit Title: XSS and Authentication bypass in NCT Jobs Portal Script Date:...

NCT Jobs Portal Script SQL Injection / Cross Site Scripting

Exploit Title: XSS and Authentication bypass in NCT Jobs Portal Script Date: 24-apr-2010 Author: Sid3^effects Software Link: N/a CVE : Code : XSS and Authentication bypass in NCT Jobs Portal Script Vendor:http://www.ncrypted.net/ Author:Sid3^effects Description : NCT Jobs Portal script is a web...

smartermail-xss.txt

Product: SmarterMail Enterprise 4.3 Web product: http://www.smartertools.com/Products/SmarterMail/O verview.aspx web product demo: http://maildemo.smartertools.com/Login.aspx Apparently this webmail is vulnerable to an attack xss very dangerous because it runs automatically when you open the inbo...