15 matches found
CVE-2025-13300 itsourcecode Web-Based Internet Laboratory Management System controller.php SQL injection
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
Fedora 41 : webkitgtk (2024-b142cc07d0)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b142cc07d0 advisory. Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent fi...
Path traversal
A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/deletefile. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to...
CVE-2023-6899
A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/saveconfig of the component Config Handler. The manipulation of the argument valuetemplate leads to code injection. The exploit ha...
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin = 1.1 versions...
PT-2023-20298 · WordPress · Sebastian Krysmanski Upload File Type Settings
Name of the Vulnerable Software and Affected Versions: Sebastian Krysmanski Upload File Type Settings plugin versions = 1.1 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For...
SUSE CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...
SuiteCRM Remote Code Execution Vulnerability
SuiteCRM is a free open source customer relationship management application. A remote code execution vulnerability exists in SuiteCRM versions prior to 7.11.17. The vulnerability can be exploited to achieve remote code execution via log file system settings and log file poisoning...
Linux: authpriv.* facility in /etc/rsyslog.conf
The facility argument is used to specify what type of program is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently. - LOG_AUTHPRIV: security/authorization messages (private). The asterisk...
ZTE ZXCDN IAMWEB Misconfiguration Vulnerability
ZTE ZXCDN IAMWEB is an authentication product from ZTE Corporation (ZTE), China. A configuration error vulnerability exists in ZTE ZXCDN IAMWEB version 6.01.03.01. The vulnerability stems from the existence of unreasonable file configuration, parameter configuration, etc. during the use of a networ...
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath.0 Parameter Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied inpu...
FL Studio 10 Producer Edition - SEH Based Buffer Overflow PoC
No description provided by source. Title : FL Studio 10 Producer Edition - SEH Based Buffer Overflow PoC Author : Dark-Puzzle Souhail Hammou Type : PoC Risk : High Vendor : Image Line: http://www.image-line.com/downloads/flstudiodownload.html Versions : 10 Producer Edition Other Versions May be...
openSUSE Security Update : subversion (openSUSE-SU-2013:1442-1)
This subversion update includes a security fix and several minor changes. - update to 1.7.13 bnc#836245 - User-visible changes : - General - merge: fix bogus mergeinfo with conflicting file merges - diff: fix duplicated path component in '--summarize' output - ra_serf: ignore case when checking...
FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)
FL Studio 10 Producer Edition - Buffer Overflow SEH PoC Title : FL Studio 10 Producer Edition - SEH Based Buffer Overflow PoC Author : Dark-Puzzle Souhail Hammou Type : PoC Risk : High Vendor : Image Line: http://www.image-line.com/downloads/flstudiodownload.html Versions : 10 Producer Edition...
Design/Logic Flaw
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...