๐จ CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
๐@cveNotify
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
๐@cveNotify
GitHub
There is stored XSS in version 1.6.4 which can lead to stealing sensitive information of logged-in users ยท Issue #55 ยท weng-xianhu/eyoucms
Software Link : https://github.com/weng-xianhu/eyoucms Website : http://www.eyoucms.com/ Vulnerable version 1.6.4 download address ๏ผhttps://qiniu.eyoucms.com/source/EyouCMS-V1.6.4-UTF8-SP1_1015.zip...
๐จ CVE-2023-33206
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
๐@cveNotify
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
๐@cveNotify
๐2๐1
๐จ CVE-2024-43199
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
๐@cveNotify
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
๐@cveNotify
GitHub
configure.ac: don't install binaries as ndo2db_user:ndo2db_group ยท NagiosEnterprises/ndoutils@18ef120
In configure.ac we were adding two flags to INSTALL_OPTS that change
the owner:group of all installed files to ndo2db_user:ndo2db_group.
This is often a security vulnerability, since executables (w...
the owner:group of all installed files to ndo2db_user:ndo2db_group.
This is often a security vulnerability, since executables (w...
๐จ CVE-2023-45382
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
๐@cveNotify
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
๐@cveNotify
๐จ CVE-2023-7247
The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
๐@cveNotify
The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
๐@cveNotify
๐จ CVE-2024-36829
Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string.
๐@cveNotify
Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string.
๐@cveNotify
Gist
CVE-2024-36829
CVE-2024-36829. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-39158
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
๐@cveNotify
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
๐@cveNotify
GitHub
cms2/58/csrf.md at main ยท Thirtypenny77/cms2
Contribute to Thirtypenny77/cms2 development by creating an account on GitHub.
๐จ CVE-2024-7164
A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_1.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7165
A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579.
๐@cveNotify
A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579.
๐@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_2.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7166
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.
๐@cveNotify
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.
๐@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_3.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7167
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_4.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7168
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_5.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7169
A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583.
๐@cveNotify
A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583.
๐@cveNotify
Gist
sourcecodester_School Fees Payment System_CSRF_1.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7194
A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.
๐@cveNotify
A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.
๐@cveNotify
GitHub
Mirage/CVE7-1.md at main ยท DeepMountains/Mirage
Contribute to DeepMountains/Mirage development by creating an account on GitHub.
๐จ CVE-2024-7195
A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616.
๐@cveNotify
A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616.
๐@cveNotify
GitHub
Mirage/CVE7-2.md at main ยท DeepMountains/Mirage
Contribute to DeepMountains/Mirage development by creating an account on GitHub.
๐จ CVE-2024-7196
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_1.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7197
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_2.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7198
A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.
๐@cveNotify
A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.
๐@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_3.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7199
A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.
๐@cveNotify
A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.
๐@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_4.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-7200
A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272621 was assigned to this vulnerability.
๐@cveNotify
A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272621 was assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_Complaints Report Management System_XSS_1.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-42010
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
๐@cveNotify
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
๐@cveNotify
GitHub
Releases ยท roundcube/roundcubemail
The Roundcube Webmail suite. Contribute to roundcube/roundcubemail development by creating an account on GitHub.