Search Results
Showing 101 - 120 of 307,594 results
None
A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username results in SQL injection. The attack can be executed remotely. The exploit is now public and may be used.
UNKNOWN
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member of the site. …
UNKNOWN
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2.
None
A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to SQL injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
None
A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. …
UNKNOWN
Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode …
None
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via …
UNKNOWN
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
N-Partner N-Reporter (6, 7)
N-Partner N-Cloud (6, 7)
N-Partner N-Probe (6, 7)
UNKNOWN
Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows an attacker to inject arbitrary scripts that may be executed in the user's browser.
NEC Corporation UNIVERGE IX (from Ver.9.5 to Ver.10.7)
NEC Corporation UNIVERGE IX (from Ver.10.8.21 to Ver.10.8.36)
NEC Corporation UNIVERGE IX (from Ver.10.9.11 to Ver.10.9.24)
NEC Corporation UNIVERGE IX
NEC Corporation UNIVERGE IX-R/IX-V (Ver1.3.16, Ver1.3.21)
None
An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services …
HIGH
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.
Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway (9.5.0.0, 9.4.0.0)
HIGH
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.
Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway (9.5.0.0, 9.4.0.0)
HIGH
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly.
Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway (9.5.0.0, 9.4.0.0)
UNKNOWN
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when users attempt to view a display page template, which allows remote attackers to view display page templates via crafted URLs.
Liferay Portal (7.3.0)
Liferay DXP (7.3.10, 7.4.13, 2023.Q3.1, 2023.Q4.0)
UNKNOWN
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor …
Red Hat Red Hat Enterprise Linux 10 (0:2.10.90-5.el10_0.1)
Red Hat Red Hat Enterprise Linux 8 (0:2.9.0-16.el8_10.1)
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support (0:2.8.3-2.el8_2.1)
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support (0:2.9.0-6.el8_4.1)
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On (0:2.9.0-6.el8_4.1)
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support (0:2.9.0-9.el8_6.1)
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service (0:2.9.0-9.el8_6.1)
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions (0:2.9.0-9.el8_6.1)
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service (0:2.9.0-13.el8_8.1)
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions (0:2.9.0-13.el8_8.1)
Red Hat Red Hat Enterprise Linux 9 (0:2.9.4-11.el9_6.1)
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions (0:2.9.4-3.el9_0.2)
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions (0:2.9.4-7.el9_2.2)
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support (0:2.9.4-10.el9_4.2)
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
UNKNOWN
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass …
Ilevia Srl. EVE X1/X5 Server (*)
UNKNOWN
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_category. Such manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Campcodes Grocery Sales and Inventory System (1.0)
UNKNOWN
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly disclosed and may …
Campcodes Grocery Sales and Inventory System (1.0)
UNKNOWN
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
Campcodes Grocery Sales and Inventory System (1.0)
UNKNOWN
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.
Ilevia Srl. EVE X1 Server (*)