The latest version (5.1) and all prior versions of Intel’s Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user “dcm” used to run the…
>> CATEGORY: exploit
Intel Data Center Manager’s endpoint at “/DcmConsole/DataAccessServlet?action=getRoomRackData” is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter “dataName” is processed by the web…
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
Senayan Library Management System version 9.4.0 suffers from a cross site scripting vulnerability.
Senayan Library Management System version 9.0.0 suffers from a cross site scripting vulnerability.
Senayan Library Management System version 9.0.l0 suffers from a remote SQL injection vulnerability.
Senayan Library Management System 9.1.0 suffers from a remote SQL injection vulnerability.
Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending…
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.