5327 matches found

Positive Technologies
added 2021/02/09 12:0 a.m. · 3 views

PT-2021-7763 · Unknown · Nucleus Net +7

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5; APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20; APOGEE PXC Modular BACnet versions prior to V3.5.5; APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20; Nucleus NET versions prior...

CVSS 6.5 · AI score 5.4 · EPSS 0.00422
Exploits: 0 · References: 8
Fedora
added 2021/02/07 1:39 a.m. · 71 views

[SECURITY] Fedora 32 Update: python-pygments-2.4.2-8.fc32

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported; special attention is paid to details that increa...

AI score 7.3
Exploits: 0
HackRead
added 2021/02/05 6:3 p.m. · 26 views

Cybersecurity firm Stormshield breach; customer data, source code stolen

By Saad Rajpoot. Stormshield suspects that there is a possibility that the attacker has the Technical Exchanges and Personal Data of the users. A French cybersecurity firm Stormshield has identified a security breach. The breach affected their technical portal which is used by the users for the...

AI score 2.7
Exploits: 0
Kitploit
added 2021/02/01 8:30 p.m. · 61 views

Flawfinder - A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code

This is "flawfinder" by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more...

AI score 7.1
Exploits: 0 · References: 3
Packet Storm
added 2021/02/01 12:0 a.m. · 189 views

Online Reviewer System 1.0 SQL Injection / Shell Upload

!/bin/bash Exploit Title: Online Reviewer System PHPPDO - RCE & ADMIN BYPASS Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...

AI score 0.8
Exploits: 0
Exploit DB
added 2021/01/29 12:0 a.m. · 329 views

Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting

Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html Software Link:...

AI score 7.4
Exploits: 0
Positive Technologies
added 2021/01/29 12:0 a.m. · 4 views

PT-2022-17695 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Grafana versions through 7.3.4 Description: An issue was discovered in Grafana when integrated with Zabbix, allowing the Zabbix password to be found in the "api jsonrpc.php" HTML source code. When a user logs in and is allowed to register, on...

CVSS 10 · AI score 6.8 · EPSS 0.94438
Exploits: 47 · References: 56
Exploit DB
added 2021/01/26 12:0 a.m. · 391 views

Simple College Website 1.0 - 'full' Stored Cross Site Scripting

Exploit Title: Simple College Website 1.0 - 'full' Stored Cross Site Scripting Exploit Author: Marco Catalano @stunn4 Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html Software Link:...

AI score 7.4
Exploits: 0
Exploit DB
added 2021/01/25 12:0 a.m. · 218 views

Library System 1.0 - 'category' SQL Injection

Exploit Title: Library System 1.0 - 'category' SQL Injection Exploit Author: Aitor Herrero Date: 2021-01-22 Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html Software Link: https://www.sourcecodester.com/php/12275/library-system-using-php.html Version: 1.0...

AI score 7.4
Exploits: 0
CNVD
added 2021/01/22 12:0 a.m. · 3 views

Arbitrary File Read Vulnerability in SongCMS

SongCMS is a free and open source CMS based on PHP+MySQL and ASP+Access/SQL Server, enterprise-oriented, with multi-language support. SongCMS has an arbitrary file reading vulnerability; an attacker can use the vulnerability to read the site source code, any file...

AI score 7.1
Exploits: 0
Prion
added 2021/01/20 4:15 p.m. · 9 views

Cross site scripting

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields...

CVSS 3.5 · AI score 5.1 · EPSS 0.00235
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2021/01/20 3:37 p.m. · 35 views

CVE-2020-35271

CVE-2020-35271 affects the Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the Employees, First Name, and Last Name fields. Exploitation details are not provided in the connected documents, and no remediation or ...

CVSS 4.8 · AI score 5 · EPSS 0.00235
Exploits: 1 · References: 1 · Affected Software: 1
Hacker One
added 2021/01/20 2:22 p.m. · 26 views

Kartpay: Disclosure of Merchant_id into the source code without entered OTP code leads to Victims MID takeover.

The System Encryption for the merchant registration was revealing the details which can be further exploitable for the Registration of the merchant. After sharing the details by the @bugera it was fixed by the team...

AI score 2
Exploits: 0
Schneier on Security
added 2021/01/19 12:16 p.m. · 38 views

Injecting a Backdoor into SolarWinds Orion

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticles malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...

AI score 1
Exploits: 0
Packet Storm
added 2021/01/18 12:0 a.m. · 137 views

Life Insurance Management System 1.0 SQL Injection

Exploit Title: Life Insurance Management System 1.0 - 'clientid' SQL Injection Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version:...

AI score 7.4
Exploits: 0
CNVD
added 2021/01/16 12:0 a.m. · 13 views

Apache Tomcat Information Disclosure Vulnerability (CNVD-2021-11841)

Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...

CVSS 5.9 · AI score 6 · EPSS 0.61383
Exploits: 0 · References: 1
OSV
added 2021/01/14 3:15 p.m. · 30 views

CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

CVSS 5.9 · AI score 6.7
Exploits: 0 · References: 11
Prion
added 2021/01/14 3:15 p.m. · 38 views

Design/Logic Flaw

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

CVSS 4.3 · AI score 6.4 · EPSS 0.61383
Exploits: 0 · References: 12 · Affected Software: 3
CVE
added 2021/01/14 2:45 p.m. · 873 views

CVE-2021-24122

CVE-2021-24122 affects Apache Tomcat across multiple branches (7.0.x, 8.5.x, 9.x, 10.x). Root cause: JSP source disclosure when serving resources from a network/NTFS location due to JRE File.getCanonicalPath() and FindFirstFileW behavior. Affected versions include 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1...

CVSS 5.9 · AI score 6.5 · EPSS 0.61383
Exploits: 0 · References: 11 · Affected Software: 1
Cvelist
added 2021/01/14 2:45 p.m. · 19 views

CVE-2021-24122 Apache Tomcat information disclosure

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

AI score 6.8 · EPSS 0.61383
Exploits: 0 · References: 11