2341 matches found

Packet Storm
added 2021/10/04 12:0 a.m., 255 views

College Management System 1.0 Insecure Direct Object Reference

Exploit Title: college management system - Add admin Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version: 1.0 Teste...

7.4 AI score
Exploits 0

NVD
added 2021/10/01 4:15 p.m., 16 views

CVE-2021-40975

Cross-site scripting XSS vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap Codeigniter 3.1.11, Bootstrap 3.3.7 allows remote attackers to inject arbitrary web script or HTML via the searchtitle parameter...

6.1 CVSS, 0.00811 EPSS
Exploits 1, References 1

Cvelist
added 2021/10/01 3:42 p.m., 21 views

CVE-2021-40975

Cross-site scripting XSS vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap Codeigniter 3.1.11, Bootstrap 3.3.7 allows remote attackers to inject arbitrary web script or HTML via the searchtitle parameter...

6.2 AI score, 0.00811 EPSS
Exploits 1, References 1

CVE
added 2021/10/01 3:42 p.m., 56 views

CVE-2021-40975

The CVE-2021-40975 entry concerns a Cross-site scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap. Affected component: application/modules/admin/views/ecommerce/products.php within Ecommerce-CodeIgniter-Bootstrap (CodeIgniter 3.1.11, Bootstrap 3.3.7). The root cause is unsanitized i...

6.1 CVSS, 6 AI score, 0.00811 EPSS
Exploits 1, References 1, Affected Software 1

CNNVD
added 2021/10/01 12:0 a.m., 4 views

Ecommerce-CodeIgniter-Bootstrap cross-site scripting vulnerability

Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A cross-site scripting vulnerability in Ecommerce-CodeIgniter-Bootstrap Codeigniter 3.1.11, Bootstrap 3.3.7 allows remote attackers to inject arbitrary web script or HTML vi...

6.1 CVSS, 6.1 AI score, 0.00811 EPSS
Exploits 1, References 2

vulnersOsv
added 2021/09/22 4:18 p.m., 0 views

dn-bootstrap-table-mobile (=1.0.0) potentially affected by CVE-2021-23472 via bootstrap-table (=1.11.1)

bootstrap-table NPM version =1.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-table and may be impacted: - dn-bootstrap-table-mobile =1.0.0 Source cves: CVE-2021-23472 Source advisory: SNYK:JS-BOOTSTRAPTABLE-1657597...

6.1 CVSS, 6.5 AI score, 0.02332 EPSS
Exploits 1

Snyk
added 2021/09/22 4:18 p.m., 3 views

Cross-site Scripting (XSS)

Overview bootstrap-table is an extended table to integration with some of the most widely used CSS frameworks. Supports Bootstrap, Semantic UI, Bulma, Material Design, Foundation, Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A type confusion vulnerability...

6.1 CVSS, 5.3 AI score, 0.02332 EPSS
Exploits 1, References 2

OSV
added 2021/09/20 3:26 p.m., 4 views

SUSE-SU-2021:3170-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: branch-network-formula: - Use kernel parameters from PXE formula also for local boot cobbler - security issues fixed: - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection bsc1189458 - CVE-2021-40324: Fixed an arbitrary file write bsc11894...

9.8 CVSS, 8.5 AI score, 0.88482 EPSS
Exploits 0, References 32

CNVD
added 2021/09/16 12:0 a.m., 17 views

Jfinal cms improper access control vulnerability

Jfinal CMS is a powerful information consulting website developed in java, using the JFinal web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions exist improper access control vulnerabilities. An attacker can use the...

6.5 CVSS, 2.8 AI score, 0.07286 EPSS
Exploits 1, Affected Software 1

CNVD
added 2021/09/16 12:0 a.m., 20 views

Jfinal cms improper access control vulnerability

Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. An attacker could use t...

4 CVSS, 3 AI score, 0.03606 EPSS
Exploits 1, Affected Software 1

CNVD
added 2021/09/16 12:0 a.m., 15 views

Jfinal cms command injection vulnerability

Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions exist command injection vulnerability. An attacker can upload a...

6.5 CVSS, 2.3 AI score, 0.04836 EPSS
Exploits 1, Affected Software 1

CNVD
added 2021/09/16 12:0 a.m., 17 views

Jfinal cms cross-site scripting vulnerability

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. cross-site scripting vulnerability exists in Jfinal CMS 4.7.1 and earlier versions. An...

3.5 CVSS, 3.5 AI score, 0.01049 EPSS
Exploits 1, Affected Software 1

CNVD
added 2021/09/16 12:0 a.m., 17 views

Jfinal cms improper access control vulnerability

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. an improper access control vulnerability exists in Jfinal CMS 4.7.1 and earlier...

4 CVSS, 2 AI score, 0.0155 EPSS
Exploits 1, Affected Software 1

CNVD
added 2021/09/16 12:0 a.m., 17 views

Jfinal cms improper access control vulnerability

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front-end. improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...

5.5 CVSS, 2.2 AI score, 0.03379 EPSS
Exploits 1, Affected Software 1

OPENSUSE Linux
added 2021/09/14 12:0 a.m., 61 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

10 CVSS, 7.6 AI score, 0.02521 EPSS
Exploits 0, References 1

OPENSUSE Linux
added 2021/09/13 12:0 a.m., 41 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1250-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

10 CVSS, 7.6 AI score, 0.02521 EPSS
Exploits 0, References 1

Tenable Nessus
added 2021/09/03 12:0 a.m., 92 views

Tenable SecurityCenter < 5.19.0 Multiple XSS Vulnerabilities (TNS-2021-14)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.19.0 and is therefore affected by multiple vulnerabilities in the following components: - Bootstrap - SimpleSAML Note that successful exploitation of the most serious issues...

6.9 CVSS, 6.8 AI score, 0.99019 EPSS
Exploits 12, References 8

Oracle linux
added 2021/08/09 12:0 a.m., 143 views

bootstrap security update

3.0.0-7.0.1 - Backport jQuery CVE-2020-11023 fixes from jQuery v3.5.0 to bundled v1.10.2 Orabug: 33181852...

6.9 CVSS, 1.7 AI score, 0.8383 EPSS
Exploits 6

OSV
added 2021/07/14 7:15 a.m., 6 views

AZL-25953 CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.5.0-6

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected...

5.5 CVSS, 6.4 AI score, 0.02511 EPSS
Exploits 0, References 1

OSV
added 2021/07/14 7:15 a.m., 2 views

AZL-34808 CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected...

5.5 CVSS, 6.4 AI score, 0.02511 EPSS
Exploits 0, References 1