The latest version (5.1) and all prior versions of Intel’s Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user “dcm” used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate […]
Intel Data Center Manager’s endpoint at “/DcmConsole/DataAccessServlet?action=getRoomRackData” is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter “dataName” is processed by the web application. Versions 4.1 and below are affected.
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
Senayan Library Management System version 9.4.0 suffers from a cross site scripting vulnerability.
Senayan Library Management System version 9.0.0 suffers from a cross site scripting vulnerability.
Senayan Library Management System version 9.0.l0 suffers from a remote SQL injection vulnerability.
Senayan Library Management System 9.1.0 suffers from a remote SQL injection vulnerability.
Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.