Clinic Queuing System 1.0 - RCE

Exploit Title: Clinic Queuing System 1.0 RCE Date: 2024/1/7 Exploit Author: Juan Marco Sanchez Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html Version: 1.0 Tested on...

Vercel Source Code Exposure

Vercel is a popular Cloud provider helping developers hosting their javascript and typescript codebases. Vercel publishes the '/src' endpoint which allows project team members to view application source code. When the 'Logs and Source Protection' option is disabled, the default protection is...

ROS-20240503-05

Microsoft Visual Studio Codef source code editor vulnerability is related to flaws in access control. access. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her privileges...

CVE-2024-27025

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...

CVE-2024-27025

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...

CVE-2024-27025

CVE-2024-27025 concerns the Linux kernel: a NULL return from nla_nest_start() could lead to NULL pointer dereference if not checked. The patch inserts a NULL check and sets errno consistent with other call sites, preventing a potential crash. Public references show the issue resolved in the kerne...

CVE-2024-27025 nbd: null check for nla_nest_start

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...

CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

E-WEBInformationCo. FS-EZViewerWeb exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and...

1Panel's password verification is suspected to have a timing attack vulnerability

Summary 源码中密码校验处使用 != 符号，而不是hmac.Equal，这可能导致产生计时攻击漏洞，从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...

NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Vulnerability (NS-SA-2024-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected by a vulnerability: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via contro...

Stock Management System v1.0 - Unauthenticated SQL Injection Exploit

Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...

Employee Task Management System in PHP/PDO Free Source Code - admin-manage-user.php SQL injection vulnerability

NAME OF AFFECTED PRODUCTS + Employee Task Management System...

CVE-2024-28878

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code...

APKDeepLens - Android Security Insights In Full Spectrum

APKDeepLens is a Python based tool designed to scan Android applications APK files for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the securit...

GHSA-RR59-H6RH-V84V Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE

Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance ...

Driver Disk for Intel ice 1.11.17.1 - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Intel's ice driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- ice| Ethernet/NIC| 1.11.17.1 Issues resolved in this...

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

DerbyNet 9.0 print/render/award.inc SQL Injection

CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...

Westermo MRD-315 ASP Source Code Disclosure (CVE-2020-7227)

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

Computer Laboratory Management System 1.0 Cross Site Scripting

Vulnerability Details: Application Name: Computer Laboratory Management System Software Link: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Vendor Homepage: https://www.sourcecodester.com/users/tips23 BuG: Insecure Direct Object References...