InfoSec News & Tutorials
NAME__________Human Resource Management System /hrm/controller/login.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Human Resource Management System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the /hrm/controller/login.php…
NAME__________Izmir Katip Celebi University UBYS cross-site scriptingPlatforms Affected:Izmir Katip Celebi University UBYS 23.03.16Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Izmir Katip Celebi University UBYS is vulnerable to cross-site scripting, caused by improper validation of…
NAME__________Online Pizza Ordering System /php-opos/index.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Online Pizza Ordering System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the /php-opos/index.php…
NAME__________Medical Certificate Generator App SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Medical Certificate Generator App is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the action.php…
NAME__________Frontier denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Frontier is vulnerable to a denial of service, caused by a gas cost discrepancy in the modexp precompile when encountering an even…
NAME__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosurePlatforms Affected:Risk Level:7.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android could allow a remote attacker to obtain…
NAME__________Minio information disclosurePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Minio could allow a remote attacker to obtain sensitive information, caused by a flaw in the cluster deployment implementation. By sending a specially-crafted request,…
NAME__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosurePlatforms Affected:Risk Level:7.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android could allow a remote attacker to obtain…
NAME__________Sentry SDK for Python information disclosurePlatforms Affected:Risk Level:7.6Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Sentry SDK for Python could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Django…
NAME__________Simple and Beautiful Shopping Cart System file uploadPlatforms Affected:Risk Level:4.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Simple and Beautiful Shopping Cart System could allow a remote authenticated attacker to upload arbitrary files, caused by improper…
NAME__________Prestashop tshirtecommerce SQL injectionPlatforms Affected:Paradox IPR512Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to designer.php script using the product_id…
NAME__________Pacsrapor cross-site scriptingPlatforms Affected:Pacsrapor Pacsrapor 1.22Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Pacsrapor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a…
NAME__________Pacsrapor cross-site scriptingPlatforms Affected:Pacsrapor Pacsrapor 1.22Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Pacsrapor is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,…
NAME__________Prestashop tshirtecommerce SQL injectionPlatforms Affected:Paradox IPR512Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to function hookActionCartSave and updateCustomizationTable using…
NAME__________DataGear SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________DataGear is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the /analysisProject/pagingQueryData endpoint using the queryOrder parameter, which…
NAME__________Pimcore directory traversalPlatforms Affected:Risk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Pimcore could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the GET method.…
NAME__________Student Study Center Desk Management System cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Student Study Center Desk Management System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by…
NAME__________NextCloud Server brute forcePlatforms Affected:Risk Level:4.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________NextCloud Server is vulnerable to a brute force attack, caused by improper restriction of excessive authentication attempts by the password confirmation modal. By…
NAME__________Student Study Center Desk Management System cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Student Study Center Desk Management System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by…
NAME__________Air Cargo Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Air Cargo Management System is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the admin/transactions/update_status.php…
NAME__________Devolutions Remote Desktop Manager information disclosurePlatforms Affected:Risk Level:2.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Devolutions Remote Desktop Manager could allow a local attacker to obtain sensitive information, caused by information disclosure through an error message…
NAME__________Cisco ASA, FTD, IOS and IOS XE Software denial of servicePlatforms Affected:Cisco Adaptive Security Appliance Software Cisco IOS Software Cisco IOS XE Software Cisco Firepower Threat Defense SoftwareRisk Level:6.8Exploitability:UnprovenConsequences:Denial of…
NAME__________Student Study Center Desk Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Student Study Center Desk Management System is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL…
NAME__________Couchbase Server security bypassPlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Couchbase Server could allow a remote attacker to bypass security restrictions, caused by improper authentication in the /api/nsstats endpoint. By sending a specially-crafted…