2020
06.05

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.

more details here.

2020
06.05

Online Marriage Registration System version 1.0 suffers from a remote code execution vulnerability.

more details here.

2020
06.05

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.

more details here.

2020
06.05

Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.

more details here.

2020
06.05

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.

more details here.

2020
06.05

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.

more details here.

2020
06.05

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

more details here.

2020
06.05

Navigate CMS version 2.8.7 suffers from a cross site request forgery vulnerability.

more details here.

2020
06.05

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.

more details here.

2020
06.05

VMWare vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.

more details here.