Security
Headlines
HeadlinesLatestCVEs

Tag

#php

VOTAB Voting Quiz PHP Script 1.0 Cross Site Scripting

VOTAB Voting Quiz PHP Script version 1.0 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#php#auth#ssh
Red Hat Security Advisory 2023-1372-01

Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

CVE-2023-2619: SourceCodester Online Tours & Travels Management System disapprove_delete.php sql injection_@sec的博客-CSDN博客

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability.

CVE-2021-31711: Stored xss in v9.14.0 in dialog.php in $_SESSION['RF']["sort_by"] because of no validation if ajax_calls.php setted this session. · Issue #661 · trippo/ResponsiveFilemanager

Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file.

CVE-2023-32066: Addressed stored XSS vulnerability in week.php by escaping cell title. · anuko/timetracker@093cfe1

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783.

CVE-2023-30083: Heap buffer overflow in newVar_N() at decompile.c:654 · Issue #266 · libming/libming

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c.

CVE-2023-30084: Invalid memory read in stackVal() at decompile.c:1238 · Issue #268 · libming/libming

An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c.

CVE-2023-30085: Allocation size overflow in cws2fws() at main.c:111 · Issue #267 · libming/libming

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.

CVE-2020-23362: Beyond authority loophole in Yershop · Issue #1 · huyiwill/shopcms_lang

Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.