code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information. More information : https://code-projects.org/food-ordering-review-system-in-php-with-source-code/
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin’s cookie information by entering malicious XSS code in the Company field when adding files. More information :...
code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field. More information : http://code-projects.com
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server...
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper...
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server...
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.This issue affects HumanSuite: before 53.21.0. More information...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in Patika...
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin...
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function More information : http://online.com
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController More information : https://github.com/qkdjksfkeg/Security-Collections/blob/main/sqlinjection2.md
In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict parameter. More information :...
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path In the error path of hws_pool_buddy_init(), the buddy allocator cleanup doesn’t free the allocator structure...
In the Linux kernel, the following vulnerability has been resolved: fbnic: Move phylink resume out of service_task and into open/close The fbnic driver was presenting with the following locking assert coming out of a...