Total
91812 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7664 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 6.5 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as critical has been found in SourceCodester Car Driving School Management System 1.0. Affected is an unknown function of the file view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7663 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 6.5 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7662 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packages/manag_package.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7657 | 1 Gilacms | 1 Gila Cms | 2024-08-15 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41833 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-41834 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-33993 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'. | |||||
| CVE-2024-33992 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'. | |||||
| CVE-2024-33991 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'. | |||||
| CVE-2024-33990 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'. | |||||
| CVE-2024-33989 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'. | |||||
| CVE-2024-33985 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'. | |||||
| CVE-2024-33986 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'. | |||||
| CVE-2024-33987 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'. | |||||
| CVE-2024-33988 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'. | |||||
| CVE-2024-33984 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'. | |||||
| CVE-2024-33983 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'. | |||||
| CVE-2024-33982 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. | |||||
| CVE-2024-33978 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'. | |||||
| CVE-2024-33977 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'. | |||||