31 matches found
GESTSUP Cross-Site Request Forgery Vulnerability
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A cross-site request forgery vulnerability exists in GestSup 3.2.56 and prior versions, which stems from the application's failure to validate the...
GESTSUP SQL Injection Vulnerability
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GestSup 3.2.56 and prior versions, which stems from user-controlled inputs in the work order creation...
EUVD-2000-0396
Malware in sbrugna...
ZKTeco BioTime multiple vulnerabilities
Risk evaluation: ZKTeco BioTime is a web-based time and attendance management software. A default password vulnerability was found that allows an attacker to log in to any user account whose password has not been changed. Attackers utilizing this obtain user credentials and can possibly perform...
ZKTeco BioTime Security Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime that could allow an unauthenticated attacker to enumerate usernames and log in to an arbitrary account using the default password 12345...
CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the _table_id parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
ZOHO ManageEngine Exchange Reporter Plus Security Vulnerability
ZOHO ManageEngine Exchange Reporter Plus is a Web-based Exchange Server reporting software from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Exchange Reporter Plus version 5717 and prior versions. An attacker can exploit this vulnerability to perform SQL injection attacks...
CVE-2024-36109
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...
GESTSUP Security Vulnerabilities
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A security vulnerability exists in GESTSUP version v3.2.46, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows a...
GESTSUP Security Vulnerabilities
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A security vulnerability exists in GESTSUP version v3.2.46, which stems from the presence of a cross-site request forgery (CSRF) vulnerability that...
Sanalogy Turasistan SQL Injection Vulnerability
Sanalogy Turasistan is a web-based travel automation software from Sanalogy, Inc. A SQL injection vulnerability exists in versions prior to Sanalogy Turasistan 20230911, which stems from improper neutralization of special elements...
CVE-2022-39214
CVE-2022-39214 (Combodo iTop) : Authenticated users can take over any account by knowing the target username. Affected: iTop prior to 2.7.8 and 3.0.2-1. Root cause: horizontal account takeover due to login handling. Impact: total account takeover with high confidentiality/integrity/availability i...
ZOHO ManageEngine SupportCenter Plus Cross-Site Scripting Vulnerability (CNVD-2021-94825)
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Plus, which stems from the product's failure to validate user identities and could be exploited by attackers to obtain a...
Zoho ManageEngine SupportCenter Plus Code Issue Vulnerability
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. Used to allow organizations to effectively manage customer requests, their account and contact information, and service contracts, and in the process provide a superior customer experience, ZOHO...
Piwigo suffers from a SQL injection vulnerability
Piwigo is a web-based photo album software from the Piwigo team. Piwigo suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
IBM Emptoris Contract Management Cross-Site Scripting Vulnerability (CNVD-2021-01992)
IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties. A cross-site scripting vulnerability exists in IBM Emptoris Contract Management 10.1.3. An attacker can exploit this vulnerability to embed arbitrary JavaScri...
Rukovoditel Cross-Site Scripting Vulnerability (CNVD-2020-26655)
Rukovoditel is Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A cross-site scripting vulnerability exists in the User Access Groups page of the Application Structure...
Footy Tipping Software AFL Web Edition Cross-Site Scripting Vulnerability
Footy Tipping Software AFL Web Edition is a web-based soccer competition software program. A cross-site scripting vulnerability exists in Footy Tipping Software AFL Web Edition version 2019, which can be exploited by an attacker to execute client-side code...
Open-School SQL Injection Vulnerability
Open-School is a Web-based school management software. The software provides online fee collection, attendance and online library features. A SQL injection vulnerability exists in Open-School version 2.3 Community Edition and version 3.0, which stems from a lack of validation of externally entere...