OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
895921eb0a53976c8b5da677f784a32391efcbd1cc80d796ef72378efa54580a
OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
078180c0088a10bb5564b3436104fdcc80f9d53548b5cf7063cb5edac1d63305
OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
a0acbb09078931bf9f089e891b334d18ce2ebf45b68c44d5c001bc986f5e04b9
Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
643713537d4e5a942c72e49449790b5a7445873f36295831510b9a872e94a886
The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
a9d3e14b3988aec61f8fb2be72fc500e476e74698104b20990c77dd79fbe57e3
The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using the X-Forwarded-For header. By default, the web application would allow all traffic from 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
ad00d431157ae8f7dd34f7235a000e058a087a21a50442a4aad8f2801e7fdb27
WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.
6aa12eb5e2a30f4c4d114b32f8b866bc1a6a86a0191f2dd3043d5c986c598b92
Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however, Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.
9da6a0d3621953b2fc4709d0b41d45d3637b5f4cbe3f23650d74e4584833bfb6
Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting attacks.
ac4ca768b5ce952dba394cc6b1930615a99b670e0cb573d027161391c298c8cb
Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.
975b7ba7dfc1c500ea9e23d90655a5643b1a793677defc9ec265442ecab49fce
Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.
752f6eae60abdb96ea2bf446f22afe9d2446db44df565231549fcd6896d20f74
Courier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
6e82f51cfebbd09c7ab16d5d4779e36ed7b58d1333a53e941f76b5d266779140
Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
c396f1c7ce034b15838b2aeaadb4359a9a46fc66ad4d19d8891399724a42c558
Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
70b7b5cc626d81d1fcc8e61c09febd776cff99c946493c5b6fef02ff093dec14
Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.
5ae48804e53b05b0959fb9da096cca0880a8cea84800e7c45b02f24e07a2393d
Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6d5c4d8bdba37bc621af538a7b3cfaacea9de80efe3bb59e082ef15edfdf0a1b
Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.
ec56d0c884f8baad912f6d3ab6c4ea8f85e06797d750de40278239eb4fcd0009