Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

New MVC Shop 1.0 SQL Injection / Missing Attributes

New MVC Shop version 1.0 suffers from remote SQL injection and missing attribute vulnerabilities.

Packet Storm
Open in Source
#sql#vulnerability#web#linux#debian#git#php#auth#firefox
Jobs Portal 3.6 Insecure Settings

Jobs Portal version 3.6 appears to leave default credentials installed after installation.

Camaleon CMS 2.7.0 Server-Side Template Injection

Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability.

CVE-2023-28153: Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App

An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.

CVE-2023-33440: bug_report/RCE-1.md at main · F14me7wq/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.

CVE-2023-33439: bug_report/SQLi-1.md at main · F14me7wq/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.

Laravel 10.11 Database Disclosure / Information Disclosure

Laravel version 10.11 suffers from database disclosure and information leakage vulnerabilities.

CVE-2023-25439: FusionInvoice 2023-1.0 Cross Site Scripting ≈ Packet Storm

Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.

CVE-2023-33751: There is a cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #14 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.

CVE-2023-33750: There is a cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #15 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.