CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30927 Description: A Cross-Site Scripting (XSS) vulnerability is present in DerbyNet version 9.0, specifically...
CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0,...
CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30925 Description: A Cross-Site Scripting (XSS) vulnerability exists in DerbyNet version 9.0, specifically within...
CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30924 Description: A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet version...
CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically...
CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically...
CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0,...
CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php
Posted by Valentin Lobstein via Fulldisclosure on Apr 05 CVE ID: CVE-2024-30920 Description: A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0,...
SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning
Posted by Lennert Preuth via Fulldisclosure on Apr 05 Title ===== SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Status ====== PUBLISHED...
SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning
Posted by Lennert Preuth via Fulldisclosure on Apr 05 Title ===== SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Status ====== PUBLISHED Version...