Lucene search
K

137 matches found

CNVD
CNVD
added 2020/02/11 12:0 a.m.4 views

Dolibarr Authorization Issues Vulnerability

Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An authorization issue vulnerability exists in Dolibarr. The...

10CVSS7.1AI score0.04537EPSS
Exploits4References1
CNVD
CNVD
added 2020/01/03 12:0 a.m.4 views

Easy XML Editor Code Problem Vulnerability

Easy XML Editor is an XML editor. A code issue vulnerability exists in Easy XML Editor v1.7.8 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No detailed vulnerability details are provided at this...

8.1CVSS7.2AI score0.05163EPSS
Exploits5References1
CNVD
CNVD
added 2019/08/29 12:0 a.m.3 views

Tableau Code Issues Vulnerabilities

Tableau is a very easy to get started with the data analysis software, just import data through a simple point and click, mouse drag and drop to generate reports. There is a code issue vulnerability in Tableau. The vulnerability arises from a design or implementation problem in the code developme...

5.5CVSS7.1AI score0.00285EPSS
Exploits1References1
CNVD
CNVD
added 2017/02/26 12:0 a.m.2 views

SQL Injection Vulnerability in 'id' Parameter of Single Point CRM System

Single point CRM system is a single point of technology development , based on the GPLv3 agreement issued for small and medium-sized management activities , to provide customer relationship management CRM, sales and marketing inventory JXC, human resources HRM, logistics office supplies , fixed...

7.6AI score
Exploits0
CNVD
CNVD
added 2017/02/05 12:0 a.m.5 views

Honeywell XL Web II Controller Clear Text Stored Password Vulnerability

Honeywell XL Web Controller is a web-based SCADA system. A plaintext stored password vulnerability exists in the Honeywell XL Web II Controller, which could allow an attacker to obtain a user's password by accessing a specific URL...

9.8CVSS6.8AI score0.01744EPSS
Exploits0References1
CNVD
CNVD
added 2016/11/17 12:0 a.m.6 views

Lynxspring JENEsys BAS Bridge Cross-Site Request Forgery Vulnerability

Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. A cross-site request forgery vulnerability exists in Lynxspring JENEsys BAS Bridge. Due to th...

8.8CVSS6.8AI score0.00641EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/01 12:0 a.m.2 views

SDG Technologies Plug and Play SCADA Cross-Site Scripting Vulnerability

SDG Technologies Plug and Play SCADA is a suite of web-based SCADA and HMI software for use in the energy industry. SDG Technologies Plug and Play SCADA fails to adequately filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code...

7AI score
Exploits0References1
CNVD
CNVD
added 2015/09/28 12:0 a.m.5 views

Resource Data Management Elevation of Privilege Vulnerability

Resource Data Management is a Web-based SCADA monitoring system. An elevation of privilege vulnerability exists in the implementation of Resource Data Management. An attacker can exploit this vulnerability to elevate privileges and change the password of any user...

5.5CVSS7.3AI score0.01119EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/29 12:0 a.m.3 views

SQL injection vulnerability in the id parameter in Ticketmaster ERP web-based ticketing system/Visa/gjqz_add.aspx?id=.

Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...

7.7AI score
Exploits0References1
seebug.org
seebug.org
added 2012/03/03 12:0 a.m.25 views

LDAP Account Manager Pro 3.6 跨站脚本和HTML注入漏洞

LDAP Account Manager LAM是一个基于浏览器的LDAP帐号管理系统 LDAP Account Manager LAM存在多个持久型输入校验漏洞,允许攻击者在应用程序段实现恶意脚本代码,成功利用漏洞操作数据或劫持会话user/mod/admin 另外也受客户端跨站脚本漏洞,允许攻击者劫持目标用户/admin会话 0 LDAP Account Manager Pro 3.6 厂商解决方案 目前没有详细解决方案提供: http://lam.sourceforge.net/index.htm...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/05/17 12:0 a.m.26 views

Debian DSA-2046-1 : phpgroupware - several vulnerabilities

Several remote vulnerabilities have been discovered in phpgroupware, a Web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary...

7.5CVSS6.4AI score0.0233EPSS
Exploits3References5
Exploit DB
Exploit DB
added 2009/02/16 12:0 a.m.56 views

ravennuke 2.3.0 - Multiple Vulnerabilities

waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.html Description of vulnerable softwar...

7AI score
Exploits0
seebug.org
seebug.org
added 2008/01/26 12:0 a.m.20 views

IBM AIX WebSM Remote Client For Linux本地不安全文件权限漏洞

BUGTRAQ ID: 27433 IBM AIX是一款商业性质的UNIX操作系统。 Web-based System Manager(WebSM)Remote Client for Linux在安装文件时设置了不正确的访问权限,本地攻击者可能利用此漏洞执行权限提升。 Web-based System Manager(WebSM)Remote Client for Linux允许远程管理AIX系统。当在Linux系统上安装WebSM Remote Client时,一些安装的文件错误地分配了完全可写的权限,因此Linux系统上的任意用户都可以写入这些文件。 IBM AIX 5.3 IBM...

7AI score
Exploits0
seebug.org
seebug.org
added 2007/06/04 12:0 a.m.23 views

IBM Web-based System Manager未明拒绝服务漏洞

IBM AIX是一款商业性质的操作系统。 IBM AIX基于WEB的系统管理器存在未明问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 IBM AIX 5.3 IBM AIX 5.2 补丁下载: IBM AIX 5.2 IBM websmifix.tar.Z ftp://aix.software.ibm.com/aix/efixes/security/websmifix.tar.Z IBM AIX 5.3 IBM websmifix.tar.Z...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2004/07/02 12:0 a.m.30 views

[Full-Disclosure] Centre 1.0 PHP injection, bypass authentication + possible SQL injection.

Summary: The Miller Group, Inc. www.miller-group.net announces the release of Centre, a free student information system for public and non-public schools. Centre is a web-based, open source, student management product with features that include scheduling, grade book, attendance, eligibility,...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2000/05/11 12:0 a.m.38 views

Mozilla Bugzilla 2.4/2.6/2.8/2.10 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1199/info Bugzilla is a web-based bug-tracking system based on Perl and MySQL. It allows people to submit bugs and catalogs them. Bugzilla is prone to a vulnerability which may allow remote users to execute arbitrary commands on the target webserver. When...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 1976/01/01 12:0 a.m.14 views

CVE-2024-33802

A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...

8.8AI score0.00426EPSS
Exploits1References1
Rows per page
Query Builder