174 matches found
kimai Cross-Site Scripting Vulnerability
kimai2 is an open source, web-based multi-user time tracking application. kimai2 suffers from a cross-site scripting vulnerability, for which no details are currently available...
SourceCodester Simple Subscription Website Cross-Site Scripting Vulnerability
SourceCodester Simple Subscription Website is a web-based application. SourceCodester Simple Subscription Website 1.0 is vulnerable to cross-site scripting, which attackers can exploit via the plan application's id parameter...
Sourcecodester Simple Subscription Website SQL Injection Vulnerability
Simple Subscription Website is a web-based application. SourceCodester Simple Subscription Website 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform SQL injection via login...
Pharmacy Point Of Sale System SQL Injection Vulnerability
Pharmacy Point Of Sale System is a web-based application by Carlo Montero, an individual developer. It is used to help a pharmacy manage its sales transactions. A SQL injection vulnerability exists in Pharmacy Point of Sale System version 1.0, which can be exploited via the useremail parameter in...
Sourcecodester Budget and Expense Tracker System Code Issue Vulnerability
Sourcecodester Budget And Expense Tracker System is a web-based application by Carlo Montero, an individual developer. It is used to manage your personal/small business budget and expenses. A remote code execution vulnerability exists in Sourcecodester Budget and Expense Tracker System, which can be...
ADSelfService Plus Code Issue Vulnerability
Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A server-side request forgery vulnerability exists in Zoho ManageEngin...
JetBrains Hub Licensing Issue Vulnerability (CNVD-2022-09225)
JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together. An authorization issue vulnerability exists in versions prior to JetBrains Hub 2021.1.13402, which stems from the fact that it is possible for the...
Simple Image Gallery Web App Access Control Error Vulnerability
Simple Image Gallery Web App is a web-based application that can be managed by multiple users. Users can store their images in this Web application. An access control error vulnerability exists in Simple Image Gallery Web App, which stems from an unrestricted file upload of Simple Image Gallery We...
Cross-site Scripting (XSS) - Reflected in erudika/scoold
Description: It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser. Proof of Concept...
Oracle Hospitality Reporting and Analytics has an unspecified vulnerability (CNVD-2021-56433)
Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale POS data, provides operational and analytical insight into business operations, and improves efficiency by delivering information to all roles within the organization. and Analytics version 9.1.0...
IBM Tivoli Netcool/OMNIbus Web GUI Storage Based Cross-Site Scripting Vulnerability
IBM Tivoli Netcool/OMNIbus is a service-level management (SLM) system that provides real-time, centralized monitoring of complex networks and IT domains. Web GUI is a web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats in...
Cross site request forgery (csrf)
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a cross-site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged-on user may be tricked by social engineering to click on an...
Blitar Tourism 1.0 - Authentication Bypass SQL Injection Vulnerability
Exploit Title: Blitar Tourism 1.0 - Authentication Bypass SQLi Exploit Author: sigeri94 Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/ Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master Version: 1.0 POST /travel/Admin...
Oracle Hospitality Reporting and Analytics Access Control Error Vulnerability
Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale POS data to provide operational and analytical insights into business operations and improve efficiency by delivering information to all roles within an organization. An unspecified vulnerability...
CVE-2020-3586 Cisco DNA Spaces Connector Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection Exploit
Exploit for multiple platform in category web applications Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor:...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...
Rukovoditel SQL Injection Vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A SQL injection vulnerability exists in Rukovoditel version 2.5.2. The vulnerability stems from a lack ...
Unspecified Vulnerability in Oracle Hospitality Reporting and Analytics (CNVD-2019-36659)
Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale POS data, provides operational and analytical insights into business operations, and improves efficiencies by delivering information to all roles within an organization. An unspecified vulnerabili...
Unspecified Vulnerability in Oracle Hospitality Reporting and Analytics (CNVD-2019-36657)
Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale POS data, provides operational and analytical insights into business operations, and improves efficiencies by delivering information to all roles within an organization. An unspecified vulnerabili...