Restaurant POS version 1.0 suffers from a remote SQL injection vulnerability.
1efe1a827da05e9054d6424d0c6cbeffd061cb7a7b523985c9f815859c5ded7aResponsive Binary mlm version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
7832158bdfb6f25736475de94f715b561965469ceb63c7f42c224430b50843dfResponsive Billing sw System version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a0219dae7fd1734f734512e67150e374366e1b2cf6be0d9351c5231f163d3f5aPHP SPM version 1.0 suffers from a WYSIWYG code injection vulnerability.
536b68dcbe9d4246c7b010d149de6d84d7dd1692847cf3ff869f37c679492ff7PHP ACRSS version 1.0 suffers from a WYSIWYG code injection vulnerability.
4007e9d326a3fe6cb1abc611dc7edabd1018b4749c72ecb7f637d013b3571243The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.
8123a5d0a4c6fa336d0b765079abb5168cf0f686b24baa715db1e55915f315fePHP SPM version 1.0 suffers from a PHP code injection vulnerability.
42eadddca12393ee271fabcce4e022f9356f7034e6fb3c8f39890de24c8c2b65PHP ACRSS version 1.0 suffers from a PHP code injection vulnerability.
9a020e5f43760ba811c1702f617a4ccf04426dfe0e6f358f368a57c7bd6f3a92Online mcq System version 1.0 suffers from a cross site scripting vulnerability.
9812280a7f199cadf92edba4b315443af80a2d51f9eb3e18e448c7ad4e24f4a3Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.
25f5aa2a29c64ab981939ce3c1c10082aa1a07beb7098128132b5921c035bc9dOnline Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.
cbda91dc01c92da5a98f256f2b262f13fd4937433fae73274fba8113fbbc7648Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.
b4c3fb3408f8d7a80baf2b5ec0b035520c60a8b287134c61abe01863834639eaComplete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.
e760cf3c5b44d7d8984817fcf92204fd9912a026b5d02720406cc72f12ac70edTraccar version 5.1 suffers from a PHP code injection vulnerability.
5595b2f52c8ca128698035a80627f56d2e0f69a1d0d431ac663d369417828fbbABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.
da48953d86e3e633d210a21a755ad55098b6f12fdc0866504b37f9828d654fc5ABB Cylon Aspect version 3.08.01 MS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in databasefiledelete.php is not properly sanitized before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.
5dbc986f6601c3bda5e54887231d2fa175f92f4f522e9ef2bc6cd9d2c722d9d9This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2eA mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Versions lower than 18 are affected.
75666d1dc71fb63eadc1180b8fde8bebebfa673977a37f948bb5e8bd009bd6f8Netman 204 version 4.05 suffers from remote SQL injection and unauthenticated password reset vulnerabilities.
9c87235443244a564a179cec6442609a57be8b1bcb3c5c9b1b6a264fe45368e8Elaine's Realtime CRM Automation version 6.18.17 suffers from a cross site scripting vulnerability.
4b49b8787ad3de23e5938175a4235b63ac86724d249f7e14581b817cf1993384PHP ACRSS version 1.0 suffers from a cross site request forgery vulnerability.
eae5bd10e0e3c0cb032d26f40702865ee30f2c293fef75064a152ed20917169eReservation Management System version 1.0 suffers from a backup disclosure vulnerability.
3fdb31b63dd3dffcc359c8fe22cdbfc2692c268e17a6a1cc41302fd995ff1353Rail Pass Management System version 1.0 suffers from an ignored default credential vulnerability.
9b616ee5d482ef2ecfbd81ee24873eba218fd61e3ce0cb54a3da94dd2290af0aPreSchool Enrollment System version 1.0 suffers from an ignored default credential vulnerability.
1d66855ad31d525ff1cd0aa67b987d6891d1fdd6e724a205e60af70bec92a07dPHP SPM version 1.0 suffers from a cross site request forgery vulnerability.
25519b806495665c5736468ca62dfab30a516399cf5e67d1acce326963a8b403
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed