Online Resort Management System version 1.0 suffer from remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty on January 10, 2022.
>> ARCHIVE: 2022-01
Landa Driving School Management System version 2.0.1 suffers from an arbitrary file upload vulnerability.
Archeevo version 5.0 suffers from a local file inclusion vulnerability.
Affiliate Pro 1.7 – ‘Multiple’ Cross Site Scripting (XSS)
Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS)
uDoctorAppointment v2.1.1 – ‘Multiple’ Cross Site Scripting (XSS)
Worktime version 10.20 Build 4967 suffers from a dll hijacking vulnerability.
Worktime version 10.20 Build 4967 suffers from an unquoted service path vulnerability.
Proof of concept for a Microsoft HTTP protocol stack vulnerability that causes a denial of service.
Cisco IP Phone Series 78×1, 88×5, 88×1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability.