CyberSecurityBoard
Sponsor Register Login

CVE-2025-3174

A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Publication date: Thu, 03 Apr 2025 19:00:00 +0000


Cyber News related to CVE-2025-3174

CVE-2013-0422 - Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, ...
1 year ago
CVE-2012-3174 - Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped ...
11 years ago
CVE-2025-3174 - A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /searchLawyer.php. The manipulation of the argument experience ...
2 months ago
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
3 months ago Cybersecuritynews.com CVE-2024-5594
CVE-2007-3174 - Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. ...
7 years ago
CVE-2024-46848 - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at ...
8 months ago Tenable.com
CVE-2005-3174 - Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. ...
16 years ago
CVE-2011-3174 - Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code ...
12 years ago
CVE-2006-3174 - Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. ...
7 years ago
CVE-2014-3174 - modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote ...
7 years ago
CVE-2009-3174 - PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter. ...
7 years ago
CVE-2010-3174 - Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ...
7 years ago
CVE-2008-3174 - Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related ...
6 years ago
CVE-2016-3174 - An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be ...
6 years ago
CVE-2020-3174 - A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for ...
5 years ago
CVE-2013-3174 - DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF ...
4 years ago
CVE-2015-3174 - mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via ...
4 years ago
CVE-2022-3174 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. ...
2 years ago
CVE-2018-3174 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows ...
2 years ago
CVE-2022-3683 - A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, ...
2 years ago
CVE-2022-3682 - A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. ...
2 years ago
CVE-2017-3174 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-3174 - Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) ...
10 months ago
CVE-2022-3684 - A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior ...
2 years ago
CVE-2022-3686 - A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)