75 matches found
Microsoft HTTP.sys Security Vulnerability
Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows 10 Version 21H2 for...
EUVD-2016-2248
Malware in sbrugna...
EUVD-2024-44283
Malicious code in bioql PyPI...
CVE-2024-52680
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn...
CVE-2011-4143
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors...
MESbook Resource Management Error Vulnerability
MESbook is a web-based system from MESbook Inc. that connects to factory machines and converts data into information for real-time management. MESbook has a resource management error vulnerability that can be exploited by an attacker to cause resource consumption and disable the application...
MESbook Security Vulnerability
MESbook is a web-based system from MESbook Inc. that connects to factory machines and converts data into information for real-time management. MESbook has a Specified Function Provisioning Error vulnerability that can be exploited by an attacker to register a user account without authentication...
MESbook Security Vulnerability
MESbook is a web-based system from MESbook Inc. that connects to factory machines and converts data into information for real-time management. MESbook has a server-side request forgery vulnerability that can be exploited by an attacker to read the source code of a web file, read internal files or acce...
Deprixa 3.2.5 Cross Site Request Forgery
Title: Deprixa 3.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 103.064-bit | Vendor :...
Courier Deprixa Pro Integrated Web System 3.2.5 Cross Site Request Forgery
Title: Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
CVE-2023-31498
A privilege escalation issue in PHP Gurukul Hospital Management System v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter...
CVE-2022-34776 Tabit - giftcard stealth
Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoDB ID which is not...
CVE-2022-34770 Tabit - sensitive information disclosure
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...
Apache Jena XML External Entity Injection Vulnerability (CNVD-2022-38521)
Apache Jena is a Java Semantic Web framework from the U.S. Apache Foundation. It is used to build semantic Web and linked data applications. Apache Jena suffers from an XML external entity injection vulnerability, which stems from a Web system or product that does not set the correct filte...
Vulnerability of authorization issues in Joomla!
Joomla! is a set of forum components used in the Joomla! content management system. Versions 2.5.0 through 3.10.6 and 4.0.0 through 4.1.0 contain an authorization issue vulnerability that originates from a lack of authentication measures or insufficient authentication strength in the web system o...
MingSoft Mcms SQL Injection Vulnerability
MingSoft Mcms is a complete open source J2EE system from China's Ming Fei (MingSoft) company. MingSoft MCMS suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
Crafter CMS licensing issue vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. Crafter CMS is vulnerable to an authorization issue in versions 3.1 through 3.1.15, which stems from a lack of authentication measures or insufficient authentication strength in the web system or...
Google Chrome service workers security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by improper design or implementation during the development of code for a web system or product. A remote attacker could exploit the vulnerability to bypass security restrictions...
Microsoft Visual Studio Permissions and Access Control Issues Vulnerability
Microsoft Visual Studio is a family of development tools from Microsoft Corporation, and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. The vulnerability stems from a lack of effective permission and access contro...
Json-Ptr type obfuscation vulnerability
Json-Ptr is a full implementation of JSON Pointer (RFC 6901) for Node.js and modern browsers. A security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...