Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)
>> ARCHIVE: 2021-12
Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)
Croogo 3.0.2 – Unrestricted File Upload
Croogo 3.0.2 – ‘Multiple’ Stored Cross-Site Scripting (XSS)
Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration
Apache Log4j2 versions 2.14.1 and below information disclosure exploit.
Booked Scheduler version 2.75 authenticated remote shell upload exploit.
AbanteCart e-commerce platform versions prior to 1.3.2 suffer from cross site scripting and file upload vulnerabilities.
Zucchetti Axess CLOKI Access Control version 1.64 suffers from a cross site request forgery vulnerability.
Ticket Booking version 1.0 suffers from a remote SQL injection vulnerability.
Apache Log4j2 versions 2.0-beta-9 and 2.14.1 remote code execution exploit.