Jenkins Fabric-beta-publisher Plugin stores credentials in plain text

Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Improper Input Validation in Jenkins

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

GHSA-QF38-F2FR-Q4X9 Improper Input Validation in Jenkins

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

Air Cargo Management System 安全漏洞

Air Cargo Management System is an air cargo management system. v1.0 of Air Cargo Management System contains a security vulnerability that can be exploited to delete files via /acms/classes/Master.php?f=deleteimg...

Merchandise Online Store SQL注入漏洞

Merchandise Online Store is a merchandise online store system. merchandise Online Store has a security vulnerability that can be exploited by attackers via /vloggersmerch/classes/Master.php?f=deletecategory SQL injection attack...

CVE-2022-29745

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=deletetransaction...

CVE-2022-29986

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=deletefacility...

CVE-2022-29989

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=deletebooking...

Online Sports Complex Booking System SQL注入漏洞

Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. version 1.0 of Online Sports Complex Booking System is vulnerable to SQL injection, which originates in scbs/classes/ Master.php?f=delete, the id parameter of the post request lacks...

ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections

The ntfs3g package is susceptible to a stack overflow. When correcting differences between the MFT and MFTMirror, incorrect checks lead to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2022-28414

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=deletemember...

Home Owners Collection Management System SQL注入漏洞

A SQL injection vulnerability exists in Home Owners Collection Management System v1.0, which originates in /hocms/classes/Master.php The vulnerability is caused by a lack of filtering and escaping of SQL data in ?f=deletephase. An attacker could exploit this vulnerability to cause SQL injection...

Simple Real Estate Portal System SQL注入漏洞

Simple Real Estate Portal System is a real estate portal system by Carlo Montero Personal Developer. Simple Real Estate Portal System v1.0 has a security vulnerability that can be exploited by an attacker via /reps/classes/Master.php?f=deleteestate...

Car Driving School Management System SQL注入漏洞

A SQL injection vulnerability exists in Car Driving School Management System, a driving school management system, which originates from /cdsms/classes/Master.php?f=delete package...

CVE-2021-46427

An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php...

The vulnerability of the NTFS file system driver for the FUSE NTFS-3G module, related to writing beyond the buffer boundary, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the NTFS file system driver for the FUSE NTFS-3G module is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures through the creation of a speciall...

In NTFS-3G versions < 2021.8.22 when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not the parsing of the records proceeds into the wild.

...

In NTFS-3G versions < 2021.8.22 when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

...

PT-2021-23640 · Unknown · Sourcecodester Online Learning System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Learning System version 2.0 Description: The issue concerns SQL injection authentication bypass in the admin login file /admin/login.php and authenticated file upload in the Master.php file. These vulnerabilities can be...