
CVE-2024-31818
https://notcve.org/view.php?id=CVE-2024-31818
12 Apr 2024 — Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-30928 – DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30928
05 Apr 2024 — SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via the 'classids' parameter in ajax/query.slide.next.inc. DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc. • https://packetstorm.news/files/id/177955 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-30921 – DerbyNet 9.0 photo.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30921
05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php. • https://packetstorm.news/files/id/177949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30924 – DerbyNet 9.0 checkin.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30924
05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php. • https://packetstorm.news/files/id/177950 • CWE-692: Incomplete Denylist to Cross-Site Scripting

CVE-2024-30922 – DerbyNet 9.0 print/render/award.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30922
05 Apr 2024 — SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the WHERE clause in Award Document Rendering. DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc. • https://packetstorm.news/files/id/177956 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2024-30926 – DerbyNet 9.0 inc/kiosks.inc Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30926
05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc. • https://packetstorm.news/files/id/177952 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30923 – DerbyNet 9.0 print/render/racer.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30923
05 Apr 2024 — SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the WHERE clause in Racer Document Rendering. DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc. • https://packetstorm.news/files/id/177957 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-30929 – DerbyNet 9.0 playlist.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30929
05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' parameter in playlist.php. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php. • https://packetstorm.news/files/id/177954 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30920 – DerbyNet 9.0 render-document.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30920
05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php. • https://packetstorm.news/files/id/177948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30927 – DerbyNet 9.0 racer-results.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30927
05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php. • https://packetstorm.news/files/id/177953 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')