CVE-2023-41921

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...

CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...

Faculty Evaluation System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Faculty Evaluation System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Simple Inventory Management System v1.0 - (email) SQL Injection Vulnerability

Exploit Title: Simple Inventory Management System v1.0 - 'email' SQL Injection Application: Simple Inventory Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

Design/Logic Flaw

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

PT-2022-26907 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue allows attackers who can control agent processes ...

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

CVE-2022-43423

CVE-2022-43423 concerns the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (versions

WordPress plugin Project Source Code Download 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability

Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...

Vehicle Parking Management System 1.0 - (catename) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting XSS Exploit Author: Tushar Vaidya Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...

Web-Sesame Security Vulnerability

TIL Web-Sesame is a device from the French company Avaya TIL that allows unified monitoring and management of all information and electronically controlled devices in a building. The device can be connected to several monitoring terminals for management. A security vulnerability exists in...

Online Bus Ticket Reservation 1.0 - SQL Injection

Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection Date: 2020-12-07 Exploit Author: Sakshi Sharma Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html Software Link:...

Blue Shield Web Page Tamper Protection System Has Arbitrary Source Code File Download Vulnerability

BlueShield Web Tamper Protection System is a web page tampering prevention product. Blueshield Web Tamper Protection System has an arbitrary source code file download vulnerability. As long as the php followed by %20, %2e, ::$DATA may download php files, allowing attackers to obtain the source...

Path Traversal in AWS XMS

High-Tech Bridge Security Research Lab discovered path traversal vulnerability in AWS XMS, which can be exploited to read contents of arbitrary files. 1 Path Traversal in AWS XMS: CVE-2013-2474 The vulnerability exists due to insufficient filtration of "what" HTTP GET parameter passed to...

The company's customer information and tracking management system CITMS 3.0 injection and upload vulnerabilities-vulnerability warning-the black bar safety net

Management system part of the function is as follows: （１）online add, modify, delete administrators （２）online add, modify, delete customer records, supporting HTML, etc.. （３）the front Desk recorded with the tracking function.． As well as the track record and the number of clicks on the display...