OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
104a24c90358f7b176c601947844d418OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
4ef799a57a5bebf1c7686ee9e8bb591bOpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
dcbdd080e561d84592ffec066c3a8472Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
c0df758f96538e1b8ac9689218a081adThe OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
35b3d6bf27bfcacaa597e0ed89c5cc54Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
208efcea716842d4864b2ad444c630e5The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
b1d09f4404b1268792fe1602be620242WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.
ea91243869739ae676c39bebb79d51c4Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.
e8121ba043f9bc7dc8bc589dac7a4a1bUbuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.
3795fad2ebbcace586aa3ec37a6a6597Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.
e2fa9c797d92a57016481570e269e9e5Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.
511f387e8db618560590a52a96f412ecCourier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
859f67d52b5fe525ba6908506b0a9d63Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
807bfd73dd0313f2fd9ce52866147d82Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
00e4c95eecce91a63dfe0d538a7f1039Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.
85158ef5e1a886db017a968f1200bb77Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d7d6b405c12bcf353faaedb48b2bb9bfUbuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.
9c31e45174763f24cd3027caf8c1e712
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed