Aggregator
CVE-2024-10334 | ABB System 800xA 5.1.x/6.0.3.x/6.1.1.x/6.2.x credentials storage
1 year 5 months ago
A vulnerability was found in ABB System 800xA 5.1.x/6.0.3.x/6.1.1.x/6.2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to unprotected storage of credentials.
This vulnerability is handled as CVE-2024-10334. An attack has to be approached locally. There is no exploit available.
vuldb.com
CVE-2025-25064(CVSS9.8):Zimbra协作中的严重SQL注入错误
1 year 5 months ago
安全客
CVE-2025-1197 | code-projects Real Estate Property Management System 1.0 load_user-profile.php userhash sql injection
1 year 5 months ago
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql injection.
This vulnerability is known as CVE-2025-1197. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-1196 | code-projects Real Estate Property Management System 1.0 /search.php PropertyName cross site scripting
1 year 5 months ago
A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting.
This vulnerability is traded as CVE-2025-1196. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
CVE-2025-1195 | code-projects Real Estate Property Management System 1.0 /Admin/EditCategory CategoryId cross site scripting
1 year 5 months ago
A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting.
The identification of this vulnerability is CVE-2025-1195. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11621 | Devolutions Remote Desktop Manager certificate validation (DEVO-2025-0001)
1 year 5 months ago
A vulnerability classified as problematic was found in Devolutions Remote Desktop Manager up to 2024.3.2.5/2024.3.3.0/2024.3.3.7/2024.3.6.0/2024.3.9.0. This vulnerability affects unknown code. The manipulation leads to improper certificate validation.
This vulnerability was named CVE-2024-11621. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-1193 | Devolutions Remote Desktop Manager up to 2024.3.19 on Windows certificate validation (DEVO-2025-0001)
1 year 5 months ago
A vulnerability classified as problematic has been found in Devolutions Remote Desktop Manager up to 2024.3.19 on Windows. This affects an unknown part. The manipulation leads to improper certificate validation.
This vulnerability is uniquely identified as CVE-2025-1193. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-8685 | KUNBUS Revolution Pi 2022-07-28-revpi-buster getFileList.php dir path traversal
1 year 5 months ago
A vulnerability was found in KUNBUS Revolution Pi 2022-07-28-revpi-buster. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pictory/php/getFileList.php. The manipulation of the argument dir leads to path traversal.
This vulnerability is handled as CVE-2024-8685. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-8684 | KUNBUS Revolution Pi 2022-07-28-revpi-buster php/dal.php arrSaveConfig os command injection
1 year 5 months ago
A vulnerability was found in KUNBUS Revolution Pi 2022-07-28-revpi-buster. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file php/dal.php. The manipulation of the argument arrSaveConfig leads to os command injection.
This vulnerability is known as CVE-2024-8684. The attack can be launched remotely. There is no exploit available.
vuldb.com
Submit #496856: code-projects Real Estate Property Management System v1.0 SQL INJECTION [Accepted]
1 year 5 months ago
Submit #496856 / VDB-295105
Resyul
Submit #496855: code-projects Real Estate Property Management System 1/0 php Cross Site Scripting [Accepted]
1 year 5 months ago
Submit #496855 / VDB-295104
Resyul
Submit #496854: code-projects Real Estate Property Management System 1/0 php Cross Site Scripting [Accepted]
1 year 5 months ago
Submit #496854 / VDB-295103
Resyul
Magecart Attackers Abuse Google Ad Tool to Steal Data
1 year 5 months ago
Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.
Elizabeth Montalbano, Contributing Writer
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
1 year 5 months ago
Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.
Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent
The Hacker News
CVE-2024-0432 | Gestpay for WooCommerce Plugin up to 20221130 on WordPress ajax_delete_card cross-site request forgery
1 year 5 months ago
A vulnerability classified as problematic has been found in Gestpay for WooCommerce Plugin up to 20221130 on WordPress. This affects the function ajax_delete_card. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-0432. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-0433 | Gestpay for WooCommerce Plugin up to 20221130 on WordPress ajax_unset_default_card cross-site request forgery
1 year 5 months ago
A vulnerability classified as problematic was found in Gestpay for WooCommerce Plugin up to 20221130 on WordPress. This vulnerability affects the function ajax_unset_default_card. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-0433. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-5047 | SourceCodester Student Management System 1.0 /student/controller.php photo unrestricted upload
1 year 5 months ago
A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload.
This vulnerability is traded as CVE-2024-5047. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-5051 | SourceCodester Gas Agency Management System 1.0 edituser.php id sql injection
1 year 5 months ago
A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection.
This vulnerability was named CVE-2024-5051. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-5093 | SourceCodester Best House Rental Management System 1.0 login.php username/password sql injection
1 year 5 months ago
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection.
This vulnerability was named CVE-2024-5093. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com