Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33584 1 Enrollment System Project 1 Enrollment System 2024-11-21 9.8 Critical
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVE-2023-33580 1 Phpgurukul 1 Student Study Center Management System 2024-11-21 4.8 Medium
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
CVE-2023-33564 1 Phpjabbers 1 Time Slots Booking Calendar 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
CVE-2023-33563 1 Phpjabbers 1 Time Slots Booking Calendar 2024-11-21 8.8 High
In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
CVE-2023-33562 1 Phpjabbers 1 Time Slots Booking Calendar 2024-11-21 9.8 Critical
User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-33561 1 Phpjabbers 1 Time Slots Booking Calendar 2024-11-21 9.8 Critical
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.
CVE-2023-33560 1 Phpjabbers 1 Time Slots Booking Calendar 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
CVE-2023-33559 1 Ocomon Project 1 Ocomon 2024-11-21 8.8 High
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.
CVE-2023-33558 1 Ocomon Project 1 Ocomon 2024-11-21 7.5 High
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.
CVE-2023-33546 1 Janino Project 1 Janino 2024-11-21 5.5 Medium
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.
CVE-2023-33534 2 Guanzhou Tozed Kangwei Intelligent Technology, Sztozed 3 Zlts10g, Zlt S10g, Zlt S10g Firmware 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.
CVE-2023-33517 1 Carrental Project 1 Carrental 2024-11-21 7.5 High
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).
CVE-2023-33493 1 Ajaxmanager Project 1 Ajaxmanager 2024-11-21 9.8 Critical
An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions.
CVE-2023-33481 1 Remoteclinic 1 Remote Clinic 2024-11-21 9.8 Critical
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.
CVE-2023-33480 1 Remoteclinic 1 Remote Clinic 2024-11-21 8.8 High
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.
CVE-2023-33479 1 Remoteclinic 1 Remote Clinic 2024-11-21 9.8 Critical
RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.
CVE-2023-33478 1 Remoteclinic 1 Remote Clinic 2024-11-21 9.8 Critical
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.
CVE-2023-33469 1 Kramerav 4 Via Connect2, Via Connect2 Firmware, Via Go2 and 1 more 2024-11-21 7.8 High
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
CVE-2023-33468 1 Kramerav 4 Via Connect2, Via Connect2 Firmware, Via Go2 and 1 more 2024-11-21 9.1 Critical
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
CVE-2023-33413 1 Supermicro 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more 2024-11-21 8.8 High
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.