10 matches found
Moodle Security Vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from an insecure direct object reference flaw that can be exploited by...
CVE-2023-0840
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users=info=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2024-2292
CVE-2024-2292 describes an access-control flaw that lets unauthorized users view and modify other users’ data. The primary sources agree on lack of proper access control as the root cause, with the NVD/Red Hat and related entries confirming this as the issue. The CVSS score is 7.1 (HIGH) with net...
Insecure Direct Object Reference (IDOR)
org.apache.streampark, streampark is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control due to improper handling of authorization tokens, allowing attackers to manually request and view all users' Flink information, including executeSQL an...
Xiaomi: CORS Misconfiguration, could lead to disclosure of users information
This will result in the leakage of the user's IP by exploiting this CORS misconfiguration issue. There is no impact...
Vanilla: Forum Users Information Disclosure
Summary: An unauthorized, even unauthenticated, user is able to view some private information about forum users. This information includes: email address even if the user does not allow it, IP address of the user, data of some of the private messages between two users. Description: by brute forcing...
WP Comment Remix 1.4.3 - Remote SQL Injection Exploit
No description provided by source. ?php / WP Comment Remix 1.4.3 SQL Injection Proof of Concept By g30rg3x g30rg3xatchxsecuritydotorg Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a...
TimeLive Time and Expense Tracking Multiple Vulnerabilities
The host is running TimeLive Time and Expense Tracking and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodtimelivetimeandexpensetrackingmultvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ TimeLive Time and Expense Tracking Multiple Vulnerabilities Authors: Antu Sanadi...
Netbiter webSCADA Disclosure
STANKOINFORMZASCHITA-10-01 Netbiter® webSCADA multiple vulnerabilities Authors: Eugene Salov [email protected], Andrej Komarov [email protected] Product: Netbiter® webSCADA CVSS v2 Base Score: 9.0 AV:N/AC:L/Au:R/C:C/I:C/A:C Impact Subscore: 10.0 Exploitability Subscore: 8.0 Availability of...
cmme-disclose.txt
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...