EUVD-2011-5120
Malware in sbrugna...
Cross-site scripting
A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...
CVE-2021-43657
A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...
CVE-2021-43657
CVE-2021-43657 is a stored XSS vulnerability in Sourcecodetester Simple Client Management System (SCMS) v1.0, exploitable via MAster.php input fields. The issue allows an attacker to inject arbitrary script/HTML on victims’ browsers. Affected component: MAster.php in SCMS 1.0; root cause: stored ...
CVE-2022-31908
Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php...
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
Multibranch Pipelines by default limit who can change the Pipeline definition from the Jenkinsfile. This is useful for SCMs like GitHub: Jenkins can build content from users without commit access, but who can submit pull requests, without granting them the ability to modify the Pipeline definitio...
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25173
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...
CVE-2020-19954
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...
Arbitrary File Download Vulnerability in SCMS
SCMS is the underlying engine of a secure content management system. SCMS suffers from an arbitrary file download vulnerability that can be exploited by an attacker to obtain sensitive information...
[SECURITY] Fedora 32 Update: git-2.26.1-1.fc32
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small number of dependencies. To install all git packages,...
S-CMS e-commerce system aj***.php page fe*** parameter has SQL injection vulnerability
S-CMS e-commerce system is an e-commerce software. The fe parameter of the aj.php page in S-CMS e-commerce system has a SQL injection vulnerability, which an attacker can use to obtain sensitive database information...
Sales & Company Management System Cross-Site Request Forgery Vulnerability
Sales & Company Management System (SCMS) is a sales and company management system. The system includes features such as customer management, product management and tax management. A cross-site request forgery vulnerability exists in the member/memberemail.php?action=edit URI in SCMS 2018-06-06 and...
CVE-2018-19925
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/memberorder.php type parameter, related to the Ostate parameter...
CVE-2018-19923
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/memberemail.php?action=edit CSRF...
CVE-2018-19924
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...
SQL injection
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/memberorder.php type parameter, related to the Ostate parameter...
CVE-2018-19924
CVE-2018-19924 affects Sales & Company Management System (SCMS) up to 2018-06-06. The issue allows an attacker to modify the email address during the window between requesting a validation code and entering it, leading to stored XSS payloads in the modified address. Documented sources (Red Hat, C...
CVE-2018-19923
CVE-2018-19923 affects Sales & Company Management System (SCMS) up to 2018-06-06, with a Cross-Site Request Forgery (CSRF) in member/member_email.php?action=edit. Red Hat/CNVD/NVD entries corroborate the issue. CVSS details: CVSSv3 base score 8.8 (HIGH) with network access, user interaction requi...