SQL injection
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed ...
Cross site scripting
A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be...
Cross site scripting
Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting XSS within the blog title of the settings...
Cross site request forgery (CSRF)
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery CSRF via the component /savesettings.php...
Cross site request forgery (CSRF)
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery CSRF via /update-article.php...
Open redirect
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-22939. Reason: This candidate is a duplicate of CVE-2024-22939. Notes: All CVE users should reference CVE-2024-22939 instead of this candidate...
Cross site scripting
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack...
Cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack...
SQL injection
A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file viewpost.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has...
Design/Logic Flaw
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at a certain length could crash the kernel after receiving specially crafted escape sequences...
Code injection
In OpenBSD 7.3 before errata 016, npppd8 could crash on an l2tp message which has an AVP Attribute-Value Pair with a wrong length...
Race condition
In OpenBSD 7.4 before errata 009, a race condition between pf4's processing of packets and expiration of packet states may cause a kernel panic...
Authorization
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...
Design/Logic Flaw
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more...
Authentication flaw
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
Authorization
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do...
Cross site scripting
Bagisto v1.5.1 is vulnerable to Cross site scripting XSS via a png file upload vulnerability in the product review option...
Command injection
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release...
Cross site scripting
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated...
SQL injection
A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
Cross site scripting
A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched...
Authentication flaw
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file...
Design/Logic Flaw
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager ESM. The vulnerability could be remotely exploited...
Cross site scripting
A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument fullname leads to cross site scripting. The...
SQL injection
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. T...
Cross site scripting
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack...
Input validation
Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8. Impact: as it will be stored XSS, it could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
Stack overflow
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the vpnclientip parameter in the configvpnpptp function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
Stack overflow
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the initnvram function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
Stack overflow
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
Stack overflow
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apnname3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
Stack overflow
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
Stack overflow
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generateconfrouter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
Design/Logic Flaw
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be...
Design/Logic Flaw
Dell Secure Connect Gateway SCG Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the...
Cross site scripting
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data...
Cross site scripting
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data...
Cross site scripting
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a...
Cross site scripting
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions...
Cross site scripting
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function...
SQL injection
A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/logincrud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploi...
SQL injection
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/editsupplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has be...
Cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profilecrud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the atta...
SQL injection
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/editcategories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...
Authorization
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices being added to policies. Exploitation may lead to information disclosu...
Cross site scripting
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
Design/Logic Flaw
Dell Update Package DUP, Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin...