>> ARCHIVE: 2020-05
i-doit Open Source CMDB 1.14.1 – Arbitrary File Deletion
YesWiki cercopitheque 2020.04.18.1 – ‘id’ SQL Injection
Online Clothing Store 1.0 – Persistent Cross-Site Scripting
xt:Commerce versions 5.4.1, 6.2.1, and 6.2.2 suffer from an improper access control vulnerability. A logged-in customer can create and alter addresses. These addresses are referenced by incrementing IDs. On saving…
Proof of concept denial of service exploit for the recent OpenSSL signature_algorithms_cert vulnerability.
TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera…
TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile,…
TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where…
FlashGet version 1.9.6 remote buffer overflow proof of concept exploit.
iJoomla AdAgency component version 6.0.9 suffers from a remote SQL injection vulnerability.