Template Security has discovered a serious denial of service vulnerability in the BlueCat Networks Adonis DNS/DHCP Appliance. When XHA is configured to place two Adonis servers in an active-passive pair to provide high availability, a remote attacker can transmit a single UDP datagram to crash the heartbeat control process. This can be used, for example, to create an active/active condition in the cluster pair.
Teacher Subject Allocation Management System version 1.0 suffers from an ignored default credential vulnerability.
Teacher Subject Allocation Management System version 1.0 suffers from a cross site scripting vulnerability.
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp.
LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.
Teacher Subject Allocation Management System version 1.0 suffers from a remote SQL injection vulnerability.
Multilaser RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through cookie manipulation.
Multilaser RE160V web management interface versions 12.03.01.08_pt and 12.03.01.09_pt along with RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through URL manipulation.
Multilaser RE160V web management interface versions 12.03.01.09_pt and 12.03.01.10_pt suffer from an access control bypass vulnerability through header manipulation.
TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.
TSPlus version 16.0.0.0 suffers from an insecure permissions vulnerability.
TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.
Time Slot Booking Calendar version 1.8 suffers from a cross site scripting vulnerability.
Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.
Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.
WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.
LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.
T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.
T-Soft E-Commerce version 4 suffers from a cross site request forgery vulnerability.
This document is a guide on how to use tshark effectively to monitor and analyze traffic.
Envira Gallery Lite edition version 1.8.3.2 suffers from a cross site scripting vulnerability.
Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip archive that contains a malicious PHP file. After the zip file is extracted, it is possible to execute commands on the target operating system.