OpenAsset Digital Asset Management was found to expose several endpoints that allowed unauthenticated data retrieval in CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
>> AUTHOR: deepcore
Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
http://korat3.go.th/vz.txt notified by aDriv4
Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.
Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Courier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.