OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
104a24c90358f7b176c601947844d418
OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
4ef799a57a5bebf1c7686ee9e8bb591b
OpenAsset Digital Asset Management was found to provide several endpoints that allowed unauthenticated data retrieval in CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
dcbdd080e561d84592ffec066c3a8472
Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
c0df758f96538e1b8ac9689218a081ad
The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
35b3d6bf27bfcacaa597e0ed89c5cc54
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
208efcea716842d4864b2ad444c630e5
The OpenAsset Digital Asset Management web application allowed spoofing of IP addresses by using the X-Forwarded-For header. By default, the web application would allow all traffic from 127.0.0.1 in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
b1d09f4404b1268792fe1602be620242
WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.
ea91243869739ae676c39bebb79d51c4
Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.
e8121ba043f9bc7dc8bc589dac7a4a1b
Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting attacks.
3795fad2ebbcace586aa3ec37a6a6597
Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.
e2fa9c797d92a57016481570e269e9e5
Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.
511f387e8db618560590a52a96f412ec
Courier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
859f67d52b5fe525ba6908506b0a9d63
Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
807bfd73dd0313f2fd9ce52866147d82
Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
00e4c95eecce91a63dfe0d538a7f1039
Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.
85158ef5e1a886db017a968f1200bb77
Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d7d6b405c12bcf353faaedb48b2bb9bf
Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.
9c31e45174763f24cd3027caf8c1e712