The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-36704 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. | -- | Aug 28, 2022 | n/a |
CVE-2022-36732 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. | -- | Sep 1, 2022 | n/a |
CVE-2022-36720 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/modify1.php. | -- | Aug 27, 2022 | n/a |
CVE-2022-36716 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php. | -- | Aug 27, 2022 | n/a |
CVE-2022-36727 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. | -- | Aug 19, 2022 | n/a |
CVE-2022-36730 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php. | -- | Sep 1, 2022 | n/a |
CVE-2022-36735 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. | -- | Sep 1, 2022 | n/a |
CVE-2022-36657 | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | -- | Sep 1, 2022 | n/a |
CVE-2018-18796 | Library Management System 1.0 has SQL Injection via the Search for Books screen. | HIGH | Nov 16, 2018 | n/a |
CVE-2016-2044 | libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | MEDIUM | Feb 19, 2016 | n/a |
CVE-2016-2039 | libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | MEDIUM | Feb 19, 2016 | n/a |
CVE-2011-2507 | libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. | Medium | Jul 15, 2011 | n/a |
CVE-2015-2206 | libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | Medium | Mar 10, 2015 | n/a |
CVE-2015-6830 | libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. | MEDIUM | Sep 13, 2015 | n/a |
CVE-2019-11519 | Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the \"Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file\" screen. | MEDIUM | May 1, 2019 | n/a |
CVE-2009-3767 | libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a \'\\0\' character in a domain name in the subject\'s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | Medium | Oct 31, 2009 | n/a |
CVE-2012-2668 | libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. | Medium | Jun 20, 2012 | n/a |
CVE-2008-7252 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | High | Jan 28, 2010 | n/a |
CVE-2008-7251 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | High | Jan 28, 2010 | n/a |
CVE-2008-4096 | libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | High | Oct 1, 2008 | n/a |
CVE-2015-8669 | libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | Medium | Dec 28, 2015 | n/a |
CVE-2015-3903 | libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | Medium | May 27, 2015 | n/a |
CVE-2014-9218 | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. | Medium | Dec 8, 2014 | n/a |
CVE-2016-2041 | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | MEDIUM | Feb 19, 2016 | n/a |
CVE-2011-2505 | libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a remote variable manipulation vulnerability. | Medium | Jul 15, 2011 | n/a |
CVE-2011-2719 | libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. | Medium | Aug 2, 2011 | n/a |
CVE-2008-7027 | Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | High | Aug 21, 2009 | n/a |
CVE-2019-16214 | Libra Core before2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \\r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \\r character. | LOW | Sep 11, 2019 | n/a |
CVE-2018-9918 | libqpdf.a in QPDF through 8.0.2 mishandles certain expected dictionary key but found non-name object cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. | MEDIUM | Apr 10, 2018 | n/a |
CVE-2017-9210 | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9208 | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9209 | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | MEDIUM | May 23, 2017 | n/a |
CVE-2015-7896 | LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. | MEDIUM | Aug 24, 2017 | n/a |
CVE-2019-12779 | libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | Medium | Jun 10, 2019 | n/a |
CVE-2013-6481 | libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. | Medium | Feb 6, 2014 | n/a |
CVE-2009-2703 | libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. | Medium | Sep 9, 2009 | n/a |
CVE-2010-3711 | libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. | Medium | Oct 29, 2010 | n/a |
CVE-2007-4996 | libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." | Medium | Oct 2, 2007 | n/a |
CVE-2007-4999 | libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | Medium | Oct 31, 2007 | n/a |
CVE-2010-0420 | libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | Medium | Feb 25, 2010 | n/a |
CVE-2015-5899 | libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | High | Sep 18, 2015 | n/a |
CVE-2015-5757 | libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. | High | Aug 19, 2015 | n/a |
CVE-2009-2483 | libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. | Medium | Jul 16, 2009 | n/a |
CVE-2010-3438 | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \"some text\\rQUIT\" to the \'privmsg\' handler, which would cause the client to disconnect from the server. | HIGH | Nov 15, 2019 | n/a |
CVE-2012-5470 | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | Medium | Oct 26, 2012 | n/a |
CVE-2017-12652 | libpng before 1.6.32 does not properly check the length of chunks against the user limit. | HIGH | Jul 10, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2009-2042 | libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via out-of-bounds pixels in the file. | Medium | Jun 15, 2009 | n/a |
CVE-2008-1382 | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | High | Apr 14, 2008 | n/a |
CVE-2017-5835 | libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | MEDIUM | Mar 6, 2017 | n/a |
CVE-2018-20348 | libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c. | LOW | Dec 21, 2018 | n/a |