7 matches found
EUVD-2022-32602
Malicious code in bioql PyPI...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...
CVE-2023-48830
Shuttle Booking Software 2.0 is affected by CVE-2023-48830 due to CSV injection in the Languages section during export. The root cause is insufficient input validation on the Unique ID field in the Reservations list used to construct CSV exports. Impact is exposure of injected content in exported...
CVE-2023-48172
CVE-2023-48172 affects Shuttle Booking Software v2.0 (PHP Jabbers). The vulnerability is a Cross Site Scripting (XSS) flaw that allows a remote attacker to inject JavaScript via the name, description, title, or address parameters sent to index.php. Public exploit discussions (e.g., PacketStorm an...
Moodle does not use the forceloginforprofiles setting for course-profiles access control
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google,...
Unrestricted file upload
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...
Mumsoft Easy Software 2.0 - Denial of Service (PoC)
Exploit Title: Mumsoft Easy Software 2.0 - Denial of Service PoC | Dork: N/A | Date: 2018-11-15 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.munsoft.com/EasyRARRecovery/ | Software Link:...