Stock Management System 1.0 – ‘brandId and categoriesId’ SQL Injection
>> AUTHOR: deepcore
Car Rental Management System 1.0 – Arbitrary File Upload
Hrsale version 2.0.0 suffers from a local file inclusion vulnerability.
School Faculty Scheduling System version 1.0 suffers from a persistent cross-site scripting vulnerability.
School Faculty Scheduling System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
GOautodial version 4.0 suffers from a remote shell upload vulnerability.
Tiki Wiki CMS Groupware version 21.1 suffers from an authentication bypass vulnerability.
Libtaxii versions 1.1.117 and below and OpenTaxi versions 0.2.0 and below suffer from a server-side request forgery vulnerability.
Exploit that bypasses the brute-force mitigation in Bludit versions 3.9.2 and below. Please visit the related homepage for deep-dive details on usage.
RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the…