Archive for April, 2022
Posted by deepcore under Security (No Respond)
[webapps] KLiK Social Media Website 1.0 – 'Multiple' SQLi
Posted by deepcore under Security (No Respond)
[remote] Kramer VIAware – Remote Code Execution (RCE) (Root)
Posted by deepcore under Security (No Respond)
[webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Deletion
Posted by deepcore under Security (No Respond)
[webapps] qdPM 9.2 – Cross-site Request Forgery (CSRF)
Posted by deepcore under Security (No Respond)
[local] Sherpa Connector Service v2020.2.20328.2050 – Unquoted Service Path
Posted by deepcore under Security (No Respond)
[webapps] minewebcms 1.15.2 – Cross-site Scripting (XSS)
Posted by deepcore under Security (No Respond)
SAP Information System 1.0 Shell Upload
Posted by deepcore under exploit (No Respond)
SAP Information System version 1.0 suffers from a remote shell upload vulnerability.
Online Sports Complex Booking System 1.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Online Sports Complex Booking System version 1.0 suffers from a remote blind SQL injection vulnerability in Users.php. This issue is similar to the one discovered by Saud Alenazi in March of 2022 but affects a different file.
cmark-gfm Integer overflow
Posted by deepcore under exploit (No Respond)
cmark-gfm, GitHub’s Markdown parsing library, is vulnerable to an out-of-bounds write when parsing Markdown tables with a high number of columns, due to an overflow of the 16-bit column count.