🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼️CVE-2023-49639‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customerdetails' parameter of the buyerinvoicesubmit.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49658‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bankdetails' parameter of the partysubmit.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49665‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity' parameter of the submitdeliverylist.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49666‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmerdetails' parameter of the submitmateriallist.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50743‼️

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50752‼️

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50753‼️

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the userupdateprofile.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-3726‼️

OCSInventory allows storing an email template containing special characters, which leads to a stored cross-site scripting (XSS) vulnerability.

Via "National Vulnerability Database"
‼️CVE-2023-50760‼️

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of userupdateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Via "National Vulnerability Database"
‼️CVE-2023-50862‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50863‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50864‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50865‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50866‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50867‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2024-21625‼️

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (sidequest) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved when a device is connected, the user is presented with a malicious link, and clicks it from within the application. As of version 0.10.35, the custom protocol links within the Electron application are parsed and sanitized properly.

Via "National Vulnerability Database"
‼️CVE-2023-6551‼️

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting, accompanied by forcing the server to always provide the Content-Type based on the file extension. The README has been updated to include these guidelines.

Via "National Vulnerability Database"
‼️CVE-2023-6270‼️

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.

Via "National Vulnerability Database"
‼️CVE-2023-51154‼️

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component admin/c/PluginsController.php.

Via "National Vulnerability Database"
‼️CVE-2023-51812‼️

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

Via "National Vulnerability Database"
‼️CVE-2024-21636‼️

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a call method (i.e. instead of using a sidecar template) are affected. The return value of the call method is not sanitized and can include user-defined content. In addition, the return value of the output_postamble method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the call and the output_postamble vulnerabilities. As a workaround, sanitize the return value of call.

Via "National Vulnerability Database"