Employee Management System 1.0 – Authentication Bypass
>> ARCHIVE: 2020-10
Chrome suffers from a MediaElementEventListener::UpdateSources use-after-free vulnerability.
TimeClock Software version 1.01 suffers from an authenticated time-based remote SQL injection vulnerability.
NodeBB Forum versions 1.12.2 through 1.14.2 suffer from an account takeover vulnerability.
Guild Wars 2 suffers from an insecure folder permissions vulnerability.
rConfig 3.9.5 – Remote Code Execution (Unauthenticated)
Vehicle Parking Management System 1.0 – Authentication Bypass
berliCRM version 1.0.24 suffers from a remote SQL injection vulnerability.
Battle.Net version 1.27.1.12428 suffers from a privilege escalation vulnerability due to insecure file permissions.
xls2csv version 0.95 suffers from three overflow, one malloc fail, one memory leak, and two null pointer dereference vulnerabilities. Proof of concept code and ASAN analysis are included.