The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using the X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in…
>> ARCHIVE: 2020-12
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
http://korat3.go.th/vz.txt notified by aDriv4
Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.