‼ CVE-2021-36204 ‼
📖 Read
via "National Vulnerability Database".
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45299 ‼
📖 Read
via "National Vulnerability Database".
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21595 ‼
📖 Read
via "National Vulnerability Database".
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20169 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46093 ‼
📖 Read
via "National Vulnerability Database".
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21597 ‼
📖 Read
via "National Vulnerability Database".
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21594 ‼
📖 Read
via "National Vulnerability Database".
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10042 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21598 ‼
📖 Read
via "National Vulnerability Database".
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0298 ‼
📖 Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22602 ‼
📖 Read
via "National Vulnerability Database".
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1812 ‼
📖 Read
via "National Vulnerability Database".
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2815 ‼
📖 Read
via "National Vulnerability Database".
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20167 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10020 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10043 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The name of the patch is 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0302 ‼
📖 Read
via "National Vulnerability Database".
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-23590 ‼
📖 Read
via "National Vulnerability Database".
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0303 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218384.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0304 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218385 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0305 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".