Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

SoftExpert Suite 2.1.3 Local File Inclusion

SoftExpert Suite version 2.1.3 suffers from a local file inclusion vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#apple#google#linux#js#git#java#php#auth#chrome#webkit#firefox
Debian Security Advisory 5396-1

Debian Linux Security Advisory 5396-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information. P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy. Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

PHPJabbers Simple CMS 5.0 SQL Injection

PHPJabbers Simple CMS version 5.0 suffers from a remote SQL injection vulnerability.

PHPFusion 9.10.30 Cross Site Scripting

PHPFusion version 9.10.30 suffers from a persistent cross site scripting vulnerability.

Old Age Home Management 1.0 SQL Injection

Old Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE-2023-2420: elecms/README.md at main · VG00000/elecms

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.

CVE-2023-2371: bug_report/SQLi-1.md at main · yoyoyoyoyohane/bug_report

A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.

ChurchCRM 4.5.3 SQL Injection

ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability.

CVE-2023-2294: UCMS1.6/README.md at main · yztale/UCMS1.6

A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.

CVE-2023-30417: pear-admin-boot存在存储式跨站脚本漏洞 · Issue #I6SXHX · Pear Admin/Pear Admin Boot - Gitee.com

A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.