Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-38833: Apartment Visitors Management System using PHP and MySQL project

SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.

CVE

Related news

CVE-2020-24932: Offensive Security’s Exploit Database Archive

An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.

CVE-2020-19962: vuln_repo/chaojicms_stored_xss.md at master · zhuxianjin/vuln_repo

A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.

CVE-2021-41651: GitHub - MobiusBinary/CVE-2021-41651

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.

CVE-2021-41465: GitHub - concrete5/concrete5-legacy: Legacy repository for concrete5

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.

CVE-2021-41464: GitHub - concrete5/concrete5-legacy: Legacy repository for concrete5

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.

CVE-2021-41462: GitHub - concrete5/concrete5-legacy: Legacy repository for concrete5

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter.

CVE-2021-41463: GitHub - concrete5/concrete5-legacy: Legacy repository for concrete5

Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.

CVE-2021-41461: GitHub - concrete5/concrete5-legacy: Legacy repository for concrete5

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

CVE-2021-26764: Student Record System 4.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.

CVE-2021-26765: Student Record System 4.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.

CVE-2021-26762: Offensive Security’s Exploit Database Archive

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.

CVE-2020-35427: PHP Project, PHP Projects Ideas, PHP Latest tutorials, PHP oops Concept

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

CVE-2015-0886: mindrot.org projects weblog : /jBCrypt/news/rel04.html

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907