
5335 matches found

Prion
added 2022/01/31 1:15 p.m., 18 views

Hardcoded credentials

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...

CVSS: 5, AI score: 9.5, EPSS: 0.01451
Exploits: 0, References: 4, Affected Software: 1

Huntr
added 2022/01/30 3:7 a.m., 15 views

Improper Privilege Management in liangliangyy/djangoblog

Description Hi there, I would like to report an improper privilege management vulnerability in djangoblog source code. This would allow an attacker to create comment on behalf of anyone. Proof of Concept 1. Install a local instance of djangoblog, login as admin and create an article 2. Create a n...

AI score: 0.6
Exploits: 0

GithubExploit
added 2022/01/29 6:54 a.m., 338 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

polkit-0.96-CVE-2021-4034 CentOS 7.x already has the RPM pack...

CVSS: 7.8, AI score: 7, EPSS: 0.94921
Exploits: 151

OpenVAS
added 2022/01/28 12:0 a.m., 36 views

Mageia: Security Advisory (MGASA-2017-0352)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 6.6, EPSS: 0.708
Exploits: 4, References: 8

GithubExploit
added 2022/01/27 2:31 a.m., 415 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 toc Vulnerability profile Vulnerabilit...

CVSS: 7.8, AI score: 7.2, EPSS: 0.99305
Exploits: 81

Packet Storm
added 2022/01/25 12:0 a.m., 251 views

Online Project Time Management System 1.0 Cross Site Scripting

Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Exploits: 0

wpexploit
added 2022/01/24 12:0 a.m., 154 views

Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user...

CVSS: 4.8, AI score: 4.9, EPSS: 0.00588
Exploits: 2

UbuntuCve
added 2022/01/14 8:15 p.m., 9 views

CVE-2021-45781

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score: 5.9
Exploits: 0, References: 2

Prion
added 2022/01/14 5:15 a.m., 10 views

Hardcoded credentials

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVSS: 10, AI score: 9.4, EPSS: 0.02259
Exploits: 0, References: 1, Affected Software: 1

Wired Threat Level
added 2022/01/10 12:0 p.m., 12 views

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

The critical vulnerability is buried among endless open source code, and many cyber experts are stumped...

AI score: 1.7
Exploits: 0

CNVD
added 2022/01/10 12:0 a.m., 20 views

Dart has an unspecified vulnerability

Dart is an open source programming language. A security vulnerability exists in the Dart SDK, which could be exploited by an attacker to embed source code that is not visible to code reviewers to modify the behavior of the program in unexpected ways...

CVSS: 4.6, AI score: 4, EPSS: 0.00599
Exploits: 0, References: 1

0day.today
added 2022/01/10 12:0 a.m., 294 views

Online Railway Reservation System 1.0 - Admin Account Creation Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

AI score: 0.9
Exploits: 0

OSV
added 2022/01/03 12:0 a.m., 10 views

MAL-2022-7431 Malicious code in bootstrap-feature (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score: 7.4
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/01/03 12:0 a.m., 4 views

Malicious code in bootstrap-feature (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score: 7.2
Exploits: 0, References: 1

CNVD
added 2021/12/29 12:0 a.m., 14 views

PayPal Free Source Code Access Control Error Vulnerability

PayPal Free Source Code is an online registration management system. An access control error vulnerability exists in PayPal Free Source Code, which stems from the product's failure to validate privileges when obtaining PHP and PayPal Free Source 1.0 product code, and can be exploited by an attack...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00843
Exploits: 0, References: 1

CVE
added 2021/12/28 11:59 a.m., 49 views

CVE-2021-40579

The CVE-2021-40579 entry concerns the PayPal Free Source Code Online Enrollment Management System in PHP (version 1.0) and related components, affected by Incorrect Access Control. The underlying impact is remote privilege gain through improper privilege validation when obtaining PHP and PayPal F...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00843
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2021/12/28 12:0 a.m., 2 views

PayPal Free Source Code Access Control Error Vulnerability

PayPal Free Source Code is an online registration management system. An access control error vulnerability exists in PayPal Free Source Code, which stems from the product's failure to validate privileges when obtaining PHP and PayPal Free Source 1.0 product code, and can be exploited by an attack...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00843
Exploits: 0, References: 3

OSSF Malicious Packages
added 2021/12/27 12:0 a.m., 5 views

Malicious code in cxp-jquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score: 7.2
Exploits: 0, References: 1

OSV
added 2021/12/27 12:0 a.m., 5 views

MAL-2021-1 Malicious code in cxp-jquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score: 7.4
Exploits: 0, References: 1

OSSF Malicious Packages
added 2021/12/27 12:0 a.m., 4 views

Malicious code in lib-bb-html-sanitizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score: 7.2
Exploits: 0, References: 1