GHSA-9R33-XHW8-4QQP HAX CMS: Denial of Service using Malicious Import Request
Summary: The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details: The...
PT-2022-27490 · Jenkins · Jenkins Config Rotator Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config Rotator Plugin versions 2.0.1 and earlier. Description: The issue allows unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system due to a lack of restriction on a file name...
Online Car Wash Booking System security vulnerability
Online Car Wash Booking System is an online car wash booking system by Carlo Montero. Version 1.0 of Online Car Wash Booking System has an arbitrary file deletion vulnerability: the /ocwbs/classes/Master.php?f=deleteimg page lacks validation for file names, which can be exploited to cause...