Crime records Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)
Crime records Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)
This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.
Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross site scripting vulnerability.
Firebase’s PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross site scripting vulnerability.
NetGear D1500 version 1.0.0.21_1.0.1PE suffers from a persistent cross site scripting vulnerability.
COMMAX Biometric Access Control System version 1.0.0 suffers from a cross site scripting vulnerability.
Chrome suffers from a JS object corruption vulnerability in WasmJs::InstallConditionalFeatures.
Simple Water Refilling Station Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Simple Water Refilling Station Management System version 1.0 suffers from a remote shell upload vulnerability.