Jenkins version 2.441 suffers from a local file inclusion vulnerability.
bd541e95b84e90dc4cbb0bfe35af5cd5870fc359b6d836f3a3eb70857003a87aOpenClinic GA version 5.247.01 suffers from an information disclosure vulnerability.
2ff76ee23f3646bb23d72691d3d4f6a113f1d03e2ad22824d2636988ff0294f6OpenClinic GA version 5.247.01 suffers from an authenticated path traversal vulnerability.
0a16a99fea8a81ce4ac5a7f2ff88ffe98623e591f76c35f5e7c3d8893490aef0Online Fire Reporting System version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9342b7d21282ed54ce4702c6cda7276732332887ecb951f160125d0470ad7553Stock Management System version 1.0 suffers from a remote SQL injection vulnerability.
ee8f6806eb002eeb79308e1f582300e6c9e5c6963aed8ff7b5b730994fc80298Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.
3b1ae38d17de2b6bb05d853af820ee9f6f5e2f2251357f5de9240f209b72112fThe Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.
71d55c6a52e12ee9261d11d52085671ffd68404f5deb15af6740a69e8a217fbaWordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.
89bd57c1d15c2fdb70027b10bc188998968404fee02a9c3318c678b99724d195MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability.
1fd596cf1466301a3fd1b25b9e0abbc97d0da47e2d4cbfabb6133bac6cd96055An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full rights and privileges.
f463a33e91d671de7054018540aff6f6ec53938dedf239b9646be10f49edfccfConcrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.
a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.
371f9505662bb6a768bb624f24a62e46fef4ad9feab889c6189fe75092e31989CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.
343ca35b11570c993ed8818aa37a56638c474563d756a7ac0c8f9334b16b6ca5Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability.
c0a01ac21e54ef967a8efc4d6257dd13af0264821d06c9c02f3fc743f377f9f1Flightio.com suffers from a remote SQL injection vulnerability. The researchers reporting this claimed the site has not responded to their reports so we are posting this to add visibility to the issue.
287e946136487edac1a8bcbedb409990ac26461ab1f6840438934159773b37daWordPress Travelscape theme version 1.0.3 suffers from an arbitrary file upload vulnerability.
8c7f57a620a7f2e630146822105069ce7c8d705a9661a1a56006b6c19ee5ae88Daily Expense Manager version 1.0 suffers from a remote SQL injection vulnerability.
3036d5c35514225ac7efd5fae884b642a5c6e16478440cce60456af20f3c8957Open Source Medicine Ordering System version 1.0 suffers from a remote SQL Injection vulnerability.
ddcd59d819ea5c59b6d5493517cad43c4bfefe50707cf9b222d8705aea3e670bZenML allows for remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. This is the proof of concept exploit. All ZenML versions below 0.46.7 are vulnerable, with the exception being patched versions 0.44.4, 0.43.1, and 0.42.2.
3c2c8e3882d5e4c0257dbb5b27f3d5dfe82d1a0ce0a5f485af9c54a883d48594Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.
79e57c6d95c397c23ce4c4203e72406e2900a93befed691fbc0ae540ed7a9cf4Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
f3e99d07ab1ab0d469a1a39ceb456ac6dc86fdcbd9071ad8690ce38ecca5a7ffOpen eShop version 2.7.0 suffers from a cross site scripting vulnerability.
ffc1ccc2b126ca15fb375709398eeafd3eb66b2b5e4657e3a0744439ad777b8cHTMLy version 2.9.6 suffers from a persistent cross site scripting vulnerability.
7c364eb28a81f6893bdac09aa21445e515fda3d2ede1335da9224b08d6224934UP-RESULT version 0.1 2024 suffers from a remote SQL injection vulnerability.
4add65ea93ae55c77a16552103ce0483201e157f530ea8a0e1e38f32c5d69671
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed