5315 matches found

Packet Storm
added 2021/05/11 12:0 a.m., 173 views

Customer Relationship Management (CRM) System 1.0 Cross Site Scripting

Exploit Title: Customer Relationship Management CRM System 1.0 - Stored XSS Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits: 0
Exploit DB
added 2021/05/10 12:0 a.m., 131 views

Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

7 AI score
Exploits: 0
0day.today
added 2021/05/08 12:0 a.m., 25 views

Voting System 1.0 - Remote Code Execution (Unauthenticated) Vulnerability

Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

0.9 AI score
Exploits: 0
Packet Storm
added 2021/05/07 12:0 a.m., 364 views

Voting System 1.0 SQL Injection

Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Date: 06/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

0.3 AI score
Exploits: 0
Packet Storm
added 2021/05/07 12:0 a.m., 313 views

Human Resource Information System 0.1 Remote Code Execution

Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

Exploits: 0
Dsquare
added 2021/05/07 12:0 a.m., 143 views

Jetty WEB-INF File Disclosure

File disclosure vulnerability in Jetty via ambiguous paths Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

5 CVSS, 0.5 AI score, 0.93485 EPSS
Exploits: 7
Fedora
added 2021/05/06 12:53 a.m., 35 views

[SECURITY] Fedora 33 Update: python-pygments-2.6.1-6.fc33

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported special attention is paid to details that increa...

7.5 CVSS, 7.9 AI score, 0.034 EPSS
Exploits: 1
Packet Storm
added 2021/05/06 12:0 a.m., 284 views

Schlix CMS 2.2.6-6 Cross Site Scripting

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/05/06 12:0 a.m., 297 views

Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/06 12:0 a.m., 32 views

Schlix CMS 2.2.6-6 - (title) Persistent Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...

7.4 AI score
Exploits: 0
Imperva Blog
added 2021/05/04 11:41 a.m., 41 views

Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications

Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...

0.6 AI score
Exploits: 0
Packet Storm
added 2021/05/04 12:0 a.m., 115 views

Internship Portal Management System 1.0 Shell Upload

Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload Unauthenticated Date: 2021-05-04 Exploit Author: argenestel Vendor Homepage: https://www.sourcecodester.com/php/11712/internship-portal-management-system.html Software Link:...

7.4 AI score
Exploits: 0
GithubExploit
added 2021/05/01 2:10 a.m., 173 views

Exploit for Path Traversal in Atlassian Confluence_Server

Confluence unauthorize template injection CVE-2019-3396...

10 CVSS, 10 AI score, 0.94471 EPSS
Exploits: 20
Tenable Nessus
added 2021/04/30 12:0 a.m., 49 views

EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107...

7.5 CVSS, 7 AI score, 0.93464 EPSS
Exploits: 15, References: 3
NVD
added 2021/04/29 9:15 p.m., 24 views

CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...

8.8 CVSS, 0.00545 EPSS
Exploits: 0, References: 4
IBM Security Bulletins
added 2021/04/28 6:35 p.m., 22 views

Security Bulletin: Vulnerability in Help system affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-0113)

Summary An undisclosed vulnerability in the help system affects the following IBM Jazz based Applications: Collaborative Lifecycle Management CLM, Rational Requirements Composer RRC, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC,...

5 CVSS, 0.00362 EPSS
Exploits: 0, Affected Software: 8
CNVD
added 2021/04/28 12:0 a.m., 2 views

Arbitrary File Download Vulnerability in VUMC Cloud at Shanghai VUMC Software Co.

Ltd. is a foreign trade SaaS service provider, but also a professional foreign trade industry solutions provider. Ltd. VUMA Cloud suffers from an arbitrary file download vulnerability. An attacker can exploit the vulnerability to obtain source code information...

7.3 AI score
Exploits: 0
Hacker One
added 2021/04/27 5:50 a.m., 25 views

MariaDB: Git Config

Hey Team, I am a Security Researcher and I have found that one of your domains is leaking the git file, which may lead to the source code of the git repository being exposed and can lead to sophisticated attacks, so kindly remove it. Vuln URL - http://foundation01.mariadb.org/.git/config BEST, ABHINAV SHARMA -...

0.8 AI score
Exploits: 0
OSV
added 2021/04/23 9:15 p.m., 1 views

CVE-2021-25898

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2
Prion
added 2021/04/23 9:15 p.m., 10 views

Code injection

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...

5 CVSS, 7.3 AI score, 0.00136 EPSS
Exploits: 1, References: 2, Affected Software: 1