5325 matches found

Packet Storm
added 2022/06/02 12:0 a.m. | 270 views

Product Show Room Site 1.0 Cross Site Scripting

Product Show Room Site - 'Telephone' Stored Cross-Site Scripting (XSS). Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site Scripting (XSS). Exploit Author: [email protected] inc. Vendor Homepage:...

AI score: 7.4
Exploits: 0
GithubExploit
added 2022/05/30 4:59 p.m. | 1356 views

Exploit for OS Command Injection in Siemens Brownfield_Connectivity_Gateway

PoC exploit for CVE-2022-1292, an OpenSSL c_rehash vulnerability...

CVSS: 10 | AI score: 6.8 | EPSS: 0.38894
Exploits: 5
Packet Storm
added 2022/05/30 12:0 a.m. | 199 views

Ingredient Stock Management System 1.0 Account Takeover

Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover Unauthenticated Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score: 0.6
Exploits: 0
The Hacker News
added 2022/05/25 12:21 p.m. | 23 views

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we hav...

AI score: 0.2
Exploits: 0
Trend Micro Simply Security
added 2022/05/25 12:0 a.m. | 11 views

New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code

New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report...

AI score: 3.4
Exploits: 0
Github Security Blog
added 2022/05/24 5:26 p.m. | 36 views

Dolibarr CRM allows Privilege Escalation

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00146
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2022/05/17 3:53 a.m. | 21 views

Jenkins allows attackers to obtain passwords by reading the HTML source code

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00284
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2022/05/17 2:19 a.m. | 31 views

The Undertow module of WildFly allows source code disclosure

The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00392
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2022/05/17 2:19 a.m. | 16 views

GHSA-4VWV-X3GP-2J4G The Undertow module of WildFly allows source code disclosure

The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00392
Exploits: 0 | References: 5
Packet Storm
added 2022/05/17 12:0 a.m. | 204 views

Online Discussion Forum Site 1.0 SQL Injection

Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection Date: 15/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html Version: 1.0...

AI score: 0.1
Exploits: 0
CNNVD
added 2022/05/17 12:0 a.m. | 1 views

Jenkins Pipeline SCM API for Blue Ocean Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to access arbitrary user...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00128
Exploits: 0 | References: 7
CNNVD
added 2022/05/17 12:0 a.m. | 2 views

Jenkins Git Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00256
Exploits: 0 | References: 4
Github Security Blog
added 2022/05/14 2:45 a.m. | 25 views

Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...

CVSS: 5 | AI score: 7.3 | EPSS: 0.77939
Exploits: 6 | References: 11 | Affected Software: 1
OSV
added 2022/05/14 2:45 a.m. | 0 views

GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...

CVSS: 5 | AI score: 6 | EPSS: 0.77939
Exploits: 6 | References: 11
Github Security Blog
added 2022/05/14 1:10 a.m. | 35 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVSS: 7.5 | AI score: 2.6 | EPSS: 0.90641
Exploits: 4 | References: 14 | Affected Software: 1
OSV
added 2022/05/14 1:10 a.m. | 49 views

GHSA-8QQ4-8JVQ-MFW4 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.90641
Exploits: 4 | References: 14
OSV
added 2022/05/13 1:31 a.m. | 18 views

GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00067
Exploits: 0 | References: 2
CNVD
added 2022/05/12 12:0 a.m. | 28 views

Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.38893
Exploits: 1 | References: 1
OSV
added 2022/05/11 7:15 p.m. | 3 views

CVE-2022-30448

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a file upload vulnerability in treatmentrecord.php...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00337
Exploits: 1 | References: 1
CVE
added 2022/05/11 6:14 p.m. | 76 views

CVE-2022-30449

The CVE-2022-30449 entry refers to the Hospital Management System in PHP with Source Code (HMS) 1.0, vulnerable to SQL injection via the editid parameter in room.php (reported in multiple sources). The NVD CVSS data indicates high/severe impact with network attack vector and no authentication, af...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.00205
Exploits: 1 | References: 1 | Affected Software: 1