5315 matches found
CVE-2019-4352
CVE-2019-4352 affects IBM Maximo Anywhere 7.6.4.0, where the product’s source code could be deobfuscated due to lack of binary obfuscation. The vulnerability’s CVSS details indicate a low-severity impact (C:L, I:N, A:N) with a physical attack vector and no authentication required. IBM’s bulletin ...
Simple Student Quarterly Result/Grade System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
IBM Maximo Anywhere 加密问题漏洞
IBM Maximo Anywhere is a next-generation mobile solution from IBM built on the IBM Worklight platform. An encryption vulnerability exists in IBM Maximo Anywhere, which stems from the product's failure to effectively protect program source code. An attacker could obfuscate the source code through...
Multi-Vendor Online Groceries Management System 1.0 SQL Injection
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
Security Bulletin: IBM Maximo Anywhere applications have no binary obfuscation
Summary IBM Maximo Anywhere applications have no binary obfuscation of source code allowing the applications to be de-compiled. Vulnerability Details CVEID: CVE-2019-4352 DESCRIPTION: IBM Maximo Anywhere applications could allow obfuscation of the application source code. CVSS Base score: 2.4 CVS...
Hardcoded credentials
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...
CVE-2020-36062
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...
Accounting Journal Management System 1.0 SQL Injection
Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...
CVE-2022-0561
Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...
CVE-2022-0561
Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...
Nextcloud: Information Exposure Through Directory Listing vulnerability
A directory listing provides an attacker with the complete index of all the resources located inside of the directory as well as download or access its contents. While the researcher did not dig deeper on to the available files, it might be possible that these websites host sensitive information...
Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
AlmaLinux 8 : gcc-toolset-11-annobin (ALSA-2021:4591)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4591 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
AlmaLinux 8 : gcc-toolset-10-annobin (ALSA-2021:4592)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4592 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
AlmaLinux 8 : annobin (ALSA-2021:4593)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4593 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
AlmaLinux 8 : gcc-toolset-11-gcc (ALSA-2021:4586)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4586 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
AlmaLinux 8 : llvm-toolset:rhel8 (ALSA-2021:4743)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4743 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced in cla...