Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by […]
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents.
The latest version (5.1) and all prior versions of Intel’s Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user “dcm” used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate […]
Intel Data Center Manager’s endpoint at “/DcmConsole/DataAccessServlet?action=getRoomRackData” is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter “dataName” is processed by the web application. Versions 4.1 and below are affected.
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
Senayan Library Management System version 9.4.0 suffers from a cross site scripting vulnerability.
Senayan Library Management System version 9.0.0 suffers from a cross site scripting vulnerability.
Senayan Library Management System version 9.0.l0 suffers from a remote SQL injection vulnerability.
Senayan Library Management System 9.1.0 suffers from a remote SQL injection vulnerability.