Page 5 of 56 results (0.003 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. En PHP Scripts Mall advanced-real-estate-script versión 4.0.9, el parámetro news_id del archivo news_edit.php es vulnerable a una inyección SQL. • https://github.com/Mad-robot/CVE-List/blob/master/Advanced%20Real%20Estate%20Script.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 1

On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. • https://bc-vault.com/2019/08/our-response-to-cve-2019-14359 • CWE-203: Observable Discrepancy •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. PHP Scripts Mall Open Source Real-estate Script 3.6.2 permite que los atacantes remotos listen el directorio wp-content/themes/template_dp_dec2015/img. • https://googlequeens.com/2018/09/04/cve-2018-16457-open-source-real-estate-script-3-6-2-directory-traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. PHP Scripts Mall advanced-real-estate-script tiene Cross-Site Scripting (XSS) mediante el campo "Name" de un perfil. • https://gkaim.com/cve-2018-15189-vikas-chaudhary • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. PHP Scripts Mall advanced-real-estate-script 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (pérdida de la estructura de la página) mediante código JavaScript manipulado en el campo "Name" de un perfil. • https://gkaim.com/cve-2018-15188-vikas-chaudhary • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •