DerbyNet
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30927 | 0.00 | — | 0.00 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. | |||
| CVE-2024-30925 | 0.00 | — | 0.00 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | |||
| CVE-2024-30922 | 0.00 | — | 0.05 | Apr 18, 2024 | SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | |||
| CVE-2024-30920 | 0.00 | — | 0.01 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | |||
| CVE-2024-30926 | 0.00 | — | 0.00 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | |||
| CVE-2024-30929 | 0.00 | — | 0.01 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php | |||
| CVE-2024-30921 | 0.00 | — | 0.01 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | |||
| CVE-2024-30923 | 0.00 | — | 0.05 | Apr 18, 2024 | SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | |||
| CVE-2024-30924 | 0.00 | — | 0.00 | Apr 18, 2024 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. | |||
| CVE-2024-30928 | 0.00 | — | 0.00 | Apr 18, 2024 | SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc |
- CVE-2024-30927Apr 18, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.
- CVE-2024-30925Apr 18, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.
- CVE-2024-30922Apr 18, 2024risk 0.00cvss —epss 0.05
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.
- CVE-2024-30920Apr 18, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.
- CVE-2024-30926Apr 18, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.
- CVE-2024-30929Apr 18, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php
- CVE-2024-30921Apr 18, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component.
- CVE-2024-30923Apr 18, 2024risk 0.00cvss —epss 0.05
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
- CVE-2024-30924Apr 18, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.
- CVE-2024-30928Apr 18, 2024risk 0.00cvss —epss 0.00
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc