Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-20075 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20074 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20073 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20072 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20071 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20070 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20069 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20068 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-33049 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user. | |||||
CVE-2017-20067 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-33056 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php. | |||||
CVE-2022-31062 | 1 Glpi-project | 1 Glpi Inventory | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: `b/deploy/index.php` file can be deleted if deploy feature is not used. | |||||
CVE-2022-23072 | 1 Tandoor | 1 Recipes | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS) in the “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low-privileged attacker will have the victim's API key, which can lead to takeover of the admin's account. | |||||
CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-28 | 7.5 HIGH | N/A |
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
CVE-2022-26173 | 1 Jforum | 1 Jforum | 2022-06-28 | 6.8 MEDIUM | 8.8 HIGH |
JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | |||||
CVE-2017-20065 | 1 Supsystic | 1 Popup | 2022-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2021-41683 | 1 Jerryscript | 1 Jerryscript | 2022-06-28 | 6.8 MEDIUM | 7.8 HIGH |
There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0 | |||||
CVE-2022-1945 | 1 Colorlib | 1 Coming Soon & Maintenance Mode | 2022-06-28 | 3.5 LOW | 4.8 MEDIUM |
The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example, in a multisite setup). | |||||
CVE-2022-1939 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. | |||||
CVE-2021-41682 | 1 Jerryscript | 1 Jerryscript | 2022-06-28 | 6.8 MEDIUM | 7.8 HIGH |
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0 |