KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through the input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or…
KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include…
CSZ CMS 1.2.9 – ‘Multiple’ Arbitrary File Deletion
KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated)
KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass
KevinLAB BEMS 1.0 – Undocumented Backdoor Account
http://www.takesa1.go.th notified by Salman Hacker
The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities, leading to elevation of privilege.
PEEL Shopping version 9.3.0 suffers from a remote SQL injection vulnerability.