| CVE | Vendors | Products | Updated | CVSS v3.1 |
| iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. |
| An SQL injection vulnerability discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. |
| An SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. |
| The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. |
| An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. |
| SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. |
| The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. |
| libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php. |
| TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include allowing attackers to submit their own code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited. |
| CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. |
| CXUUCMS V3 allows class="layui-input" XSS. |
| WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords; each time any user visits the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. |
| dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData. |
| dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame. |
| dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame. |
| dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame. |