CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....
6.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the...
6.3CVSS
7.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the...
6.3CVSS
7.4AI Score
0.0004EPSS
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....
6.8CVSS
7.2AI Score
0.0004EPSS
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
5.4CVSS
5.6AI Score
0.0005EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The...
6.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...
6.3CVSS
7.4AI Score
0.0004EPSS
libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c. Notes Author| Note ---|--- jdstrand | golang-goyaml is a go translation of libyaml and shouldn't share implementation flaws, but may share design flaws mdeslaur |...
6.5AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated...
6.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched....
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack.....
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely......
6.3CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.6 (RHSA-2023:6206)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6206 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
5.3CVSS
7AI Score
0.01EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.4 (RHSA-2023:4909)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4909 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
9.8CVSS
7.6AI Score
0.059EPSS
libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. Notes Author| Note ---|--- jdstrand | golang-goyaml is a go translation of libyaml and shouldn't share...
6.6AI Score
0.0004EPSS
ThinkPHP 5.0.24 - Information Disclosure
ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing...
7.5CVSS
7.2AI Score
0.013EPSS
Splunk <=7.0.1 - Information Disclosure
Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license...
5.3CVSS
4.9AI Score
0.839EPSS
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid...
7.2AI Score
EPSS
CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely......
6.3CVSS
7.5AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.0 (RHSA-2022:7272)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7272 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7CVSS
7.2AI Score
0.002EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible...
3.5CVSS
4.1AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.3 (RHSA-2023:3420)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3420 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
8.1AI Score
0.004EPSS
design-atelier.co.in Cross Site Scripting vulnerability OBB-3864663
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
MicroLogix 1400 PLC Web Server Request Handling RCE
The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.004. It is, therefore, affected by a stack-based buffer overflow condition due to improper validation of user-supplied input when handling web requests. An unauthenticated, remote attacker can...
4.5AI Score
Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow a remote unauthenticated attacker to execute arbitrary code and use this to gain root access to the...
9.1AI Score
0.0004EPSS
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...
8CVSS
7.3AI Score
0.0004EPSS
Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure
By Waqas A tale of emerging cybercrime and embarrassment for the world's premier law enforcement agency. This is a post from HackRead.com Read the original post: Breach Forums Return to Clearnet and Dark Web Despite FBI...
7.3AI Score
Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure
By Waqas A tale of emerging cybercrime and embarrassment for the world's premier law enforcement agency. This is a post from HackRead.com Read the original post: Breach Forums Return to Clearnet and Dark Web Despite FBI...
7.3AI Score
9.9AI Score
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...
8CVSS
5.9AI Score
0.0004EPSS
Dell EMC Data Protection Central Web Interface Detected
Detects the web interface for Dell EMC Data Protection Central on the remote...
1.4AI Score
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Zend_Json_Encoder was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON...
6.3AI Score
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
The default error handling view script generated using Zend_Tool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. Zend_Tool_Project_Context_Zf_ViewScriptFile was patched such that the view script template now...
6.2AI Score
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible...
3.5CVSS
6.2AI Score
0.0004EPSS
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...
7.2AI Score
0.0004EPSS
VMware Aria Operations For Networks Web Interface Detection
The web interface for VMware Aria Operations for Networks (formerly known as VMware vRealize Network Insight) was detected on the remote...
7.1AI Score
Schneider Electric InduSoft Web Studio Arbitrary Script Execution
The Schneider Electric InduSoft Web Studio running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code by sending a specially crafted packet to the TCP/IP server listening on the default...
1.9AI Score
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....
5.3CVSS
6.6AI Score
0.0005EPSS
Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email...
8.8CVSS
8.1AI Score
0.001EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.8 (RHSA-2024:1318)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1318 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7.5CVSS
7.6AI Score
0.005EPSS
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3.1 (RHSA-2020:2506)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2506 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7CVSS
7.9AI Score
0.922EPSS
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
0.0004EPSS
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
5.7AI Score
0.0004EPSS