Archive for January, 2023

ERPGo SaaS CRM 3.3 Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

ERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.

Medisense-Healthcare Solutions CRM 2.0 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Medisense-Healthcare Solutions CRM version 2.0 suffers from a cross site request forgery vulnerability.

Tiki Wiki CMS Groupware 25.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Tiki Wiki CMS Groupware version 25.0 suffers from a cross site scripting vulnerability.

Online Food Ordering System 2.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Online Food Ordering System version 2.0 suffers from a cross site scripting vulnerability.

Linux khugepaged Race Conditions

Posted by deepcore under exploit (No Respond)

khugepaged on Linux races with rmap-based zap, races with GUP-fast, and fails to call MMU notifiers.

WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls

Posted by deepcore under exploit (No Respond)

WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, and cross site scripting vulnerabilities.

ADMINA BULGARIA Ltd 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

ADMINA BULGARIA Ltd version 1.0 suffers from a remote SQL injection vulnerability.

AdminSeg 2.15 Insecure Direct Object Reference

Posted by deepcore under exploit (No Respond)

AdminSeg version 2.15 suffers from an insecure direct object reference that allows users to access the administrative interface.

BDWeb-Link LMS 1.11.5 Insecure Direct Object Reference

Posted by deepcore under exploit (No Respond)

BDWeb-Link LMS version 1.11.5 suffers from an insecure direct object reference that allows users to access the administrative interface.

Corpatech CMS 2 SQL Injection

Posted by deepcore under exploit (No Respond)

Corpatech CMS version 2 suffers from a remote SQL injection vulnerability.