Dolibarr ERP CRM 安全漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contain security vulnerabilities. These vulnerabilities stem from unauthorized permissions granted to unknown functions in the...

Taier 授权问题漏洞

Taier is a distributed scheduling system open source by DTStack. It aims to reduce the costs of ETL processes, clarify complex dependencies between tasks, and lower labor costs related to submission, scheduling, and operations. Versions of Taier 1.4.0 and earlier have vulnerabilities related to...

389 Directory Server 代码问题漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a code vulnerability in 389 Directory Server, which stems from the control plugin’s failure to check for allocation failures before using BER structures. This...

itsourcecode Hospital Management System 注入漏洞

itsourcecode Hospital Management System is an open-source hospital management system developed by itsourcecode. Version 1.0 of itsourcecode Hospital Management System has a vulnerability related to SQL injection, which stems from the handling of the admissiontime parameter in the addpatient.php...

CodeAstro Payroll System 注入漏洞

The CodeAstro Payroll System is a payroll management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Payroll System has a SQL injection vulnerability. This vulnerability arises from an unknown function in the /homesalary.php file, which improperly handles the parameters...

SourceCodester Barangay Resident Profiling and Information Management System 信任管理问题漏洞

The SourceCodester Barangay Resident Profiling and Information Management System is an open-source system developed by SourceCodester for managing profiles and information of Barangay residents. Version 1.0 of the SourceCodester Barangay Resident Profiling and Information Management System contai...

SourceCodester Inventory System 跨站脚本漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from operations in the file header.php, which may lead to cross-site scripting...

serialization 安全漏洞

Serialization is a data serialization and deserialization tool open source from Boost.org. Versions of serialization 1.91 and earlier have security vulnerabilities. These vulnerabilities stem from improper input validation by unknown functions for specified types, which may lead to remote attacks...

USN-8382-1: Exim vulnerabilities

Timo Longin discovered that Exim incorrectly handled certain SMTP messages in PIPELINING/CHUNKING configurations. A remote attacker could possibly use this issue to perform SMTP smuggling. This issue only affected Ubuntu 14.04 LTS. CVE-2023-51766 It was discovered that Exim incorrectly handled...

Student-Management-System 授权问题漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the student-management-system’s authorization mechanism; this vulnerability stems from improper authentication of unknown functions, which may lead to remote attac...

goclaw 访问控制错误漏洞

Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain a security vulnerability related to access control. This vulnerability stems from a lack of authentication in the resolveAuth function within the Webhook...

Project Management 授权问题漏洞

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier had an authorization issue vulnerability. This vulnerability stems from an improper authorization in the...

SourceCodester Pharmacy Sales and Inventory System 访问控制错误漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a vulnerability related to access control. This vulnerability stems fro...

DaybydayCRM 授权问题漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM 2.2.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper authorization in the view function within the...

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the...

DaybydayCRM 访问控制错误漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM prior to 2.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature of the Setting Handler component, which lacked...

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from a parameter in the function formWlanSetup within the file/goform/formWlanSetup, where enrollee causes a stack...

Tenda W12 安全漏洞

Tenda W12 is a high-performance wireless access point from the Chinese company Tenda. Version 3.0.0.74763 of Tenda W12 contains a security vulnerability. This vulnerability stems from a parameter “sec” in the function cgiSysTimeInfoSet in the file /bin/httpd, which leads to a stack buffer overflo...

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Versions of OFCMS 1.1.3 and earlier had a SQL injection vulnerability. This vulnerability originated from the parameter “system.user.query” in the function Query of the ComnController component’s ComnController.java...

Tenda W12 安全漏洞

Tenda W12 is a high-performance wireless access point from the Chinese company Tenda. Version 3.0.0.74763 of Tenda W12 contains a security vulnerability. This vulnerability stems from a parameter in the function cgiWifiMacFilterSet, namely wifiMacFilterSet.macList.mac, which causes a stack buffer...