Music Gallery Site version 1.0 suffers from a missing authentication vulnerability that allows for privilege escalation.
Music Gallery Site version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Simple Food Ordering System version 1.0 suffers from a cross site scripting vulnerability.
Simple Food Ordering System version 1.0 suffers from a cross site scripting vulnerability.
Yoga Class Registration System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Froxlor versions 2.0.6 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application will render. That leads to remote command […]
Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities.
Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities.
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and […]
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and […]