137 matches found
Dolibarr Authorization Issues Vulnerability
Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An authorization issue vulnerability exists in Dolibarr. The...
Easy XML Editor Code Problem Vulnerability
Easy XML Editor is an XML editor. A code issue vulnerability exists in Easy XML Editor v1.7.8 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No detailed vulnerability details are provided at this...
Tableau Code Issues Vulnerabilities
Tableau is a very easy to get started with the data analysis software, just import data through a simple point and click, mouse drag and drop to generate reports. There is a code issue vulnerability in Tableau. The vulnerability arises from a design or implementation problem in the code developme...
SQL Injection Vulnerability in 'id' Parameter of Single Point CRM System
Single point CRM system is a single point of technology development , based on the GPLv3 agreement issued for small and medium-sized management activities , to provide customer relationship management CRM, sales and marketing inventory JXC, human resources HRM, logistics office supplies , fixed...
Honeywell XL Web II Controller Clear Text Stored Password Vulnerability
Honeywell XL Web Controller is a web-based SCADA system. A plaintext stored password vulnerability exists in the Honeywell XL Web II Controller, which could allow an attacker to obtain a user's password by accessing a specific URL...
Lynxspring JENEsys BAS Bridge Cross-Site Request Forgery Vulnerability
Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. A cross-site request forgery vulnerability exists in Lynxspring JENEsys BAS Bridge. Due to th...
SDG Technologies Plug and Play SCADA Cross-Site Scripting Vulnerability
SDG Technologies Plug and Play SCADA is a suite of web-based SCADA and HMI software for use in the energy industry. SDG Technologies Plug and Play SCADA fails to adequately filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code...
Resource Data Management Elevation of Privilege Vulnerability
Resource Data Management is a Web-based SCADA monitoring system. An elevation of privilege vulnerability exists in the implementation of Resource Data Management. An attacker can exploit this vulnerability to elevate privileges and change the password of any user...
SQL injection vulnerability in the id parameter in Ticketmaster ERP web-based ticketing system/Visa/gjqz_add.aspx?id=.
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...
LDAP Account Manager Pro 3.6 跨站脚本和HTML注入漏洞
LDAP Account Manager LAM是一个基于浏览器的LDAP帐号管理系统 LDAP Account Manager LAM存在多个持久型输入校验漏洞,允许攻击者在应用程序段实现恶意脚本代码,成功利用漏洞操作数据或劫持会话user/mod/admin 另外也受客户端跨站脚本漏洞,允许攻击者劫持目标用户/admin会话 0 LDAP Account Manager Pro 3.6 厂商解决方案 目前没有详细解决方案提供: http://lam.sourceforge.net/index.htm...
Debian DSA-2046-1 : phpgroupware - several vulnerabilities
Several remote vulnerabilities have been discovered in phpgroupware, a Web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary...
ravennuke 2.3.0 - Multiple Vulnerabilities
waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.html Description of vulnerable softwar...
IBM AIX WebSM Remote Client For Linux本地不安全文件权限漏洞
BUGTRAQ ID: 27433 IBM AIX是一款商业性质的UNIX操作系统。 Web-based System Manager(WebSM)Remote Client for Linux在安装文件时设置了不正确的访问权限,本地攻击者可能利用此漏洞执行权限提升。 Web-based System Manager(WebSM)Remote Client for Linux允许远程管理AIX系统。当在Linux系统上安装WebSM Remote Client时,一些安装的文件错误地分配了完全可写的权限,因此Linux系统上的任意用户都可以写入这些文件。 IBM AIX 5.3 IBM...
IBM Web-based System Manager未明拒绝服务漏洞
IBM AIX是一款商业性质的操作系统。 IBM AIX基于WEB的系统管理器存在未明问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 IBM AIX 5.3 IBM AIX 5.2 补丁下载: IBM AIX 5.2 IBM websmifix.tar.Z ftp://aix.software.ibm.com/aix/efixes/security/websmifix.tar.Z IBM AIX 5.3 IBM websmifix.tar.Z...
[Full-Disclosure] Centre 1.0 PHP injection, bypass authentication + possible SQL injection.
Summary: The Miller Group, Inc. www.miller-group.net announces the release of Centre, a free student information system for public and non-public schools. Centre is a web-based, open source, student management product with features that include scheduling, grade book, attendance, eligibility,...
Mozilla Bugzilla 2.4/2.6/2.8/2.10 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1199/info Bugzilla is a web-based bug-tracking system based on Perl and MySQL. It allows people to submit bugs and catalogs them. Bugzilla is prone to a vulnerability which may allow remote users to execute arbitrary commands on the target webserver. When...
CVE-2024-33802
A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...