Blood Bank version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.
d95668292b4799b2459459dabbaf67baf0ecfb0c50e8731e1aa0858d71bc0d09
Simple Task List version 1.0 suffers from a remote SQL injection vulnerability.
3d7d08d11026b2dd3229567d42244f4b661bad830d96053161fec984a11d837d
Teacher Subject Allocation Management System version 1.0 suffers from a remote SQL injection vulnerability.
70201b7921db68f4cd1eabfe9d49fef650e64263d687be24d951e0f1d2287e83
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.
a6b19ec46406ffd95a91f57125dc469d0979113c3d6a82b162a1b682d2ed2eca
Tramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.
b6a01bb6956141a3ae4c607cc789894c67a647629befb99a934046f4a4a462f1
Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cd96d379383fd6bc85ab4e185183931ea6b236dd9b5c004203a06f94f9bd9b70
Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.
0aa128553cbd5a516cc713b76e3dc3f366da8678b4aba8459dee773880a5c164
ZoneMinder Snapshots versions prior to 1.37.33 suffer from an unauthenticated remote code execution vulnerability.
1214b8dd5cc3e41afef6bf3970934bdc17fe4f69cdd2f486c163cc06c6903f65
Gibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
59928ae4eff1731c08c74e479a51ac4208ffe4eba4d4ff9a8f5158374bc15227
Ubuntu Security Notice 6697-1 - It was discovered that Bash incorrectly handled certain memory operations when processing commands. If a user or automated system were tricked into running a specially crafted bash file, a remote attacker could use this issue to cause Bash to crash, resulting in a denial of service, or possibly execute arbitrary code.
fe10af17a0fc7c6d4e0f87ab57a52f2b0459257025cad94a6db47deaf071ce11
This is a proof of concept exploit for CVE-2024-25153, a remote code execution vulnerability in Fortra FileCatalyst Workflow versions 5.x, before 5.1.6 Build 114.
2a8afe7aeb8387754a5e1093b278c99cf0daa3ee2f0907df1d3ea9383e5f2a54
Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.
74aac3d302e6dccc4a04f4bb3b7f33f7c74952c5fafd68a7b296c174889dd69b
Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.
dd739a9071327fb09fa5e5c4324f8585adfcdd2bb749945102e954aa364813c8
Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
e8f6e7fc279a5f1af336dbd407dfe96cd81c2d7194fe47a554772e61fc96870e
Membership Management System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
bafbc2c7895ab97a3d57de482862b676a744678a894f6abb9103ae63f21b01a1
Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.
c4fe18ae97be2193d34a7e1f1b12596463b48313b3820550e75dc093759247ba
This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist, so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows arbitrary commands to be executed; however, recent versions of TeamCity no longer ship this endpoint, so a plugin is leveraged for code execution instead, as this is supported on all versions tested.
68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Red Hat Security Advisory 2024-1321-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a remote SQL injection vulnerability.
d95d3241f282a5f42e6af5a8ac241179ef6329f681c625f25b533245c13ac448
JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability.
e1c264f19102d105794de4c6c20eaafe22944b48d40bf81b679d6529f26dcffb
Honeywell PM43 versions prior to P10.19.050004 suffer from a remote code execution vulnerability.
af3705248c7122eb4d11be4c13209b3526cbee77ed228747c3f55800ef9fb1ef
SolarView Compact version 6.00 suffers from a remote command injection vulnerability.
036c73fd4d8c1b4db5a8dfeb1d025199673968fe8cec024982fdbe68c19a7ca1
Viessmann Vitogate 300 versions 2.1.3.0 and below suffer from a remote code execution vulnerability.
86410aca0ad3a7245b8cb07735d4ec21669679039be68751fc1b43a423e0766a
Ruijie Switch version PSG-5124 with software build 26293 suffers from a remote code execution vulnerability.
31f3b0a900318bec9de9a1e9f67d893c6b3f4c63a3437484a3559c375ebb2fa0
Client Details System version 1.0 suffers from a remote SQL injection vulnerability.
64589c2ecc306d978f6791cf6a635512b98de6e52e4573c83fe9e9fe5303bbed
MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.
e2b323542d1ae762fd44f17402386b535064f3b92a9eb3e937211dc86f883e48