U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping
Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...
CVE-2020-13877
SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure...
SQL injection
SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure...
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...
QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution Unauthenticated Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A...
SQL injection vulnerability in qu***.aspx page of Qixing Fault Reporting System in Shanghai Tsuenlu Software Development Studio.
Qixing Fault Reporting System is a platform based on ASP.NET that helps organizations report faults. The qu.aspx page of the Qixing Star Fault Reporting System from Shanghai Tsuen Road Software Development Studio has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive...
SQL injection vulnerability in the wa***.aspx page of Qixing Exam System Exam Candidate Side at Shanghai Tsuenlu Software Development Studio.
Exam System Exam is a compact exam system for internal corporate use, intended for employee exams. The candidate-side wa.aspx page of the Qixing Exam System Exam from Shanghai Tsuen Road Software Development Studio has a SQL injection vulnerability, which an attacker can use to obtain sensitive informati...
SQL Injection Vulnerability in Worklog Us***_Ro***.aspx file of Shanghai Tsuen Lu Software Development Studio.
Worklog is a system that allows employees to record the content of their work and give timely feedback to their superiors on difficulties encountered at work; supervisors can assess the work of their employees and have the system generate KPI reports. The Worklog UsRo.aspx file...
Exploit for Improper Authentication in Microsoft
Exchange Remote Code Execution cve-2020-0688 - RED TEAM MOD...
CVE-2020-12470
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template...
Code injection
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template...
CVE-2020-12470
MonoX CMS: CVE-2020-12470 affects MonoX up to version 5.1.40.5152. The vulnerability allows administrators to execute arbitrary code by modifying an ASPX template. Root cause is modification of the server-side template leading to code execution with high impact (as per multiple sources in connect...
SQL injection vulnerability in the frontend Ti***_ne***.aspx page of Qixing Trouble Repair System
Qixing Fault Reporting System is a platform based on ASP.NET that helps organizations report faults. A SQL injection vulnerability exists in the frontend Tine.aspx page of the Qixing Fault Reporting System, which can be exploited by attackers to obtain sensitive information from the...
SQL Injection Vulnerability in Lo***.aspx Page of JunCheng Online Exam System
Jun Cheng Online Exam System is a B/S-based online exam system. A SQL injection vulnerability exists in the Lo.aspx page of JunCheng Online Exam System, which can be exploited by attackers to obtain sensitive information...
Iran Targets Mideast Oil with ZeroCleare Wiper Malware
A freshly discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services (IRIS), ZeroCleare, so named because of the program database pathname of its binary file, was...
SQL Injection Vulnerability in Kaixin Helpdesk System PC***_ad***.aspx
The Kairos Helpdesk System is a system for dealing with day-to-day issues. A SQL injection vulnerability exists in the PCad.aspx page of the Qixing Helpdesk System, which can be exploited by attackers to obtain sensitive information...
Design/Logic Flaw
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...