| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. |
| zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. |
| XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. |
| zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. |
| An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. |
| Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. |
| Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu. |
| An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. |
| The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. |
| The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots |
| The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots |
| The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots |
| The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots |
| SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. |
| SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. |
| SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. |
| SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. |
| SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. |
| SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. |
| CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account. |
