The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user who can authenticate to the AMQP service can publish a crafted message whose body is a serialized .NET object, which can lead to OS command execution as NT AUTHORITY\SYSTEM.
fbc6c5c5be944eb52ce167a061f21875f137dc6101b3184bad8a0d10c9afd154
rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.
898fcd6c42cf09cbd7ec5b6dc7da4c9a70126592c5acdb55261bfd7df9acfbaf
iBooking version 1.0.8 suffers from a remote shell upload vulnerability.
1d1a7039b4955d7dc4e5a704e51e320587047865279cc2297bb299611ef05245
ReQlogic version 11.3 suffers from a cross site scripting vulnerability.
5227ba88f59a5d4cccd1b7cd664927cd29c2794c9b0bb18836fe0f6ab3662551
This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in the tools directory to gain full system access. Successful exploitation results in root command execution using sudo as user optergy.
33babb5810832b13a94e71c123fd7427e2dfe9cd4f92a96b062b362c7592affd
Hashicorp Consul version 1.0 suffers from a remote command execution vulnerability.
cf1a6442030a5c5f6fd07b5a99052472a0dae35ed2b518c1ce2625d5f2fdf42b
Moodle LMS version 4.0 suffers from a cross site scripting vulnerability.
e7721c0aa0560a87ed3a181e9975e3a660308037ece1716c759931eaf08ced82
Tunnel Interface Driver suffers from a denial of service vulnerability.
f7f2b8b68d017bf58a7d55306d242543aa84752d90337934f157a2539d4cadd4
OPSWAT Metadefender Core version 4.21.1 suffers from a privilege escalation vulnerability.
67ed76b4c862c969209c71ff4568ff584d8233722adbde52ad8523f8fddff6cd
Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.
71c7c7e58dfd4fd19b14de8fbc71ae94220ca39129c624221250b9a297da7930
X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.
876aed8ac1af7db0f1e7042dc3e6263dc7ae9ca1429d89517aef860913ece9e7
Subrion CMS version 4.2.1 suffers from a persistent cross site scripting vulnerability.
2522ffebb3f430ee0af9c8551dc7b1c7ccd8d38777900a80d1fb438938e478fa
BoxBilling versions 4.22.1.55 and below suffer from a remote code execution vulnerability.
6e59fbe468fead5a4191e76bf74361a19de1ba2b8e6b5604dcfb35095342aea9
Tapo C310 RTSP server version 1.3.0 suffers from an unauthorized video stream access vulnerability.
170c044bd6bcf23ff4b350fe2720d26d25aed6bdfb18705b917219f671e010bf
SugarSync version 4.1.3 suffers from an unquoted service path vulnerability.
55037f9fc378999b0dd446661454b26aeb67331ad993ac4257ddc722d63c67ad
HDD Health version 4.2.0.112 suffers from an unquoted service path vulnerability.
8393ec9706e83a38f5916ad915dd9562d1746a32ea7f14558160f4963089113e
WordPress Jetpack plugin version 11.4 suffers from a cross site scripting vulnerability.
3ceaf797647de4108f92a76d5b936b7c111f3523b7c04d5ea66e199a17b6c652
Online Shopping System Advanced version 1.0 suffers from code execution, cross site scripting, and remote SQL injection vulnerabilities.
d016e73da19bd9b2b318eea4c377983be13ee45418a1cb5e83aed5c8218cce71
SuperMailer version 11.20 suffers from a denial of service vulnerability.
fce09fe1e664b145fb82d4610710f0b790baf06694c3c787181354d57cf07c1b
YouPHPTube versions 7.8 and below suffer from local file inclusion and directory traversal vulnerabilities.
fb3e42eecf910a2436823c9d614a4b6500e8b3b9637e0652a2e73e9fc8287070
Beauty Salon version 1.0 suffers from a remote shell upload vulnerability.
83176cdbc6fac7bfcb64ea33d5b87412f89dd2c6fd208487f141a3594ec380e1
Suprema BioStar 2 version 2.8.16 suffers from a remote SQL injection vulnerability.
d4430e30903a9db88dc6330e948ac08547e1622d7051cf8fedc3868bf8e104d1
WebTareas version 2.4 suffers from a remote blind SQL injection vulnerability. Original discovery of this issue in this version is attributed to Behrad Taher in May of 2022. Related CVE number: CVE-2021-43481.
227f751b494a8526993c807c6a09642bdde18c4570a2c251b1b157fa94d369f3
WebTareas version 2.4 suffers from multiple cross site scripting vulnerabilities.
813491c88e8a5846d163a6f81ec121117f5e924631af78f81671e4d9e87dce95
WebTareas version 2.4 suffers from a remote shell upload vulnerability.
eda323c318ad8fffa94b89ae2c95e9b9d5f2357f04e724bc7eabff0037f403b2