Zoo_management_system_project - zoo_management_system

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy.

Zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.

Mogu_blog_cms 5.2 allows arbitrary files to be uploaded without any limitation.

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.

School_club_application_system_project - school_club_application_system

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection.

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php.

A Remote Code Execution (RCE) vulnerability exists in laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default.

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with the highest admin privileges and obtain system control.

Dell VNX2 for file version 8.1.21.266 and earlier contains an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.