Logitech Media Server version 8.2.0 suffers from a cross site scripting vulnerability.
>> CATEGORY: exploit
Alchemy CMS versions 2.x through 6.0.0 suffers from an arbitrary file upload vulnerability.
Keycloak version 12.0.1 suffers from a blind server-side request forgery vulnerability.
Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.
Sonicwall SonicOS version 7.0 suffers from a host header injection vulnerability.
myfactory.FMS versions 7.1-911 and below suffer from a cross site scripting vulnerability.
myfactory.FMS versions 7.1-911 and below suffer from a cross site scripting vulnerability.
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the…
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to…
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution. A bug in…