Page 2 of 22 results (0.006 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields. Se ha detectado una vulnerabilidad de tipo cross-site scripting persistente en Local Services Search Engine Management System Project versión 1.0, que permite a atacantes remotos ejecutar código arbitrario por medio de cargas útiles diseñadas que se introducen en los campos Name y Address. • https://tusharvaidya16.medium.com/local-services-search-engine-management-system-project-lssmes-1-0-af2cae7cbbf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database. Se ha detectado una vulnerabilidad de inyección SQL en el parámetro editid en Local Services Search Engine Management System Project versión 1.0. Esta vulnerabilidad da a usuarios administradores la habilidad de volcar todos los datos de la base de datos. • https://medium.com/%40tusharvaidya16/authenticated-blind-error-based-sql-injection-on-local-services-search-engine-management-system-3e99779f0850 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2

Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page. Local Service Search Engine Management System versión 1.0, presenta una vulnerabilidad debido a una omisión de autenticación usando una inyección SQL. Con esta vulnerabilidad, un atacante puede omitir la página de inicio de sesión Local Service Search Engine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://www.exploit-db.com/exploits/49163 http://packetstormsecurity.com/files/162919/Local-Service-Search-Engine-Management-System-1.0-SQL-Injection.html https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. El módulo RESTful Web Services (restws) versiones 7.x-1.x anteriores a 7.x-1.4 y versiones 7.x-2.x anteriores a 7.x-2.1 para Drupal, no restringe apropiadamente el acceso a las operaciones de escritura de entidades, lo que facilita a usuarios autenticados remotos con los permisos de "access resource node" y "create page content" (o equivalentes) conducir un ataque de tipo cross-site scripting (XSS) o ejecutar código PHP arbitrario por medio de un campo de texto diseñado. • http://www.openwall.com/lists/oss-security/2013/08/10/1 https://drupal.org/node/2059591 https://drupal.org/node/2059593 https://drupal.org/node/2059603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. El módulo Services 7.x-3.x anterior a 7.x-3.12 para Drupal permite a atacantes remotos evadir la restricción field_access y obtener información sensible de campos privados a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74365 https://www.drupal.org/node/2471847 https://www.drupal.org/node/2471879 • CWE-264: Permissions, Privileges, and Access Controls •