Restaurant POS version 1.0 suffers from a remote SQL injection vulnerability.
1efe1a827da05e9054d6424d0c6cbeffd061cb7a7b523985c9f815859c5ded7a
Responsive Binary mlm version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
7832158bdfb6f25736475de94f715b561965469ceb63c7f42c224430b50843df
Responsive Billing sw System version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a0219dae7fd1734f734512e67150e374366e1b2cf6be0d9351c5231f163d3f5a
PHP SPM version 1.0 suffers from a WYSIWYG code injection vulnerability.
536b68dcbe9d4246c7b010d149de6d84d7dd1692847cf3ff869f37c679492ff7
PHP ACRSS version 1.0 suffers from a WYSIWYG code injection vulnerability.
4007e9d326a3fe6cb1abc611dc7edabd1018b4749c72ecb7f637d013b3571243
The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.
8123a5d0a4c6fa336d0b765079abb5168cf0f686b24baa715db1e55915f315fe
PHP SPM version 1.0 suffers from a PHP code injection vulnerability.
42eadddca12393ee271fabcce4e022f9356f7034e6fb3c8f39890de24c8c2b65
PHP ACRSS version 1.0 suffers from a PHP code injection vulnerability.
9a020e5f43760ba811c1702f617a4ccf04426dfe0e6f358f368a57c7bd6f3a92
Online mcq System version 1.0 suffers from a cross site scripting vulnerability.
9812280a7f199cadf92edba4b315443af80a2d51f9eb3e18e448c7ad4e24f4a3
Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.
25f5aa2a29c64ab981939ce3c1c10082aa1a07beb7098128132b5921c035bc9d
Online Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.
cbda91dc01c92da5a98f256f2b262f13fd4937433fae73274fba8113fbbc7648
Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.
b4c3fb3408f8d7a80baf2b5ec0b035520c60a8b287134c61abe01863834639ea
Complete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.
e760cf3c5b44d7d8984817fcf92204fd9912a026b5d02720406cc72f12ac70ed
Traccar version 5.1 suffers from a PHP code injection vulnerability.
5595b2f52c8ca128698035a80627f56d2e0f69a1d0d431ac663d369417828fbb
ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.
da48953d86e3e633d210a21a755ad55098b6f12fdc0866504b37f9828d654fc5
ABB Cylon Aspect version 3.08.01 MS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in databasefiledelete.php is not properly sanitized before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.
5dbc986f6601c3bda5e54887231d2fa175f92f4f522e9ef2bc6cd9d2c722d9d9
This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2e
A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Versions lower than 18 are affected.
75666d1dc71fb63eadc1180b8fde8bebebfa673977a37f948bb5e8bd009bd6f8
Netman 204 version 4.05 suffers from remote SQL injection and unauthenticated password reset vulnerabilities.
9c87235443244a564a179cec6442609a57be8b1bcb3c5c9b1b6a264fe45368e8
Elaine's Realtime CRM Automation version 6.18.17 suffers from a cross site scripting vulnerability.
4b49b8787ad3de23e5938175a4235b63ac86724d249f7e14581b817cf1993384
PHP ACRSS version 1.0 suffers from a cross site request forgery vulnerability.
eae5bd10e0e3c0cb032d26f40702865ee30f2c293fef75064a152ed20917169e
Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.
3fdb31b63dd3dffcc359c8fe22cdbfc2692c268e17a6a1cc41302fd995ff1353
Rail Pass Management System version 1.0 suffers from an ignored default credential vulnerability.
9b616ee5d482ef2ecfbd81ee24873eba218fd61e3ce0cb54a3da94dd2290af0a
PreSchool Enrollment System version 1.0 suffers from an ignored default credential vulnerability.
1d66855ad31d525ff1cd0aa67b987d6891d1fdd6e724a205e60af70bec92a07d
PHP SPM version 1.0 suffers from a cross site request forgery vulnerability.
25519b806495665c5736468ca62dfab30a516399cf5e67d1acce326963a8b403