| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0. |
| School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. |
| Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. |
| Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. |
| Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. |
| The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit. |
| The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. |
| The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php. |
| School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. |
| Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view. |
| School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. |
| Library Management System 1.0 has SQL Injection via the "Search for Books" screen. |
| School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. |
| School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. |
| School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) |
