18 matches found
CVE-2022-31164
Tovy is a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...
EUVD-2022-52774
Malicious code in bioql PyPI...
EUVD-2023-12778
Malicious code in bioql PyPI...
Unauthorized Access Vulnerability in EduSoho Enterprise Training Open Source Edition
EduSoho Enterprise Training Edition is a learning platform product for enterprise customers, intended for enterprise talent training. It provides platform product...
CVE-2023-0761
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Staff members, which could allow attackers to make logged-in admins delete arbitrary Staff via a CSRF attack...
CVE-2023-0761
The CVE-2023-0761 entry concerns a CSRF vulnerability in the Clock In Portal – Staff & Attendance Management WordPress plugin (versions
CVE-2023-0762 Clock In Portal <= 2.1 - Designation Deletion via CSRF
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting designations, which could allow attackers to make logged-in admins delete arbitrary designations via a CSRF attack...
SQL injection
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php...
CVE-2022-31164
CVE-2022-31164 affects Tovy, a staff management system for Roblox groups. In versions prior to 0.7.51, the authentication/authorization flow allows a user to log in as another user, including privileged accounts, enabling impersonation. The issue is resolved by upgrading to version 0.7.51 or late...
Shopify: User with no Develop apps permission can Uninstall Custom App
Hi, you know a user must have the Develop apps permission to uninstall Develop apps. To test this, just create staff with Manage and install apps and channels F1601504, send this mutation, just change appId by your id...
File upload vulnerability in high-speed rail wifi system
The high-speed rail WiFi system provides an integrated wireless information application platform, which offers passengers a range of information and entertainment applications, as well as a management platform that on-board staff use for passenger transportation management. There is a file uplo...
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE...
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-19138 0x02 CSRF Po...
The Second Question(s) Today’s CEOs Should Ask (& Know the Answers To)
In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...
Arbitrary File Upload Vulnerability in Staff Management System of Guangzhou Zhongda Dongri Technical Education Co.
Guangzhou Zhongda Dongri Technology Education Co. Ltd. specializes in the development and sales of educational technology. This product is a faculty management system. An arbitrary file upload vulnerability exists in the Faculty and Staff Management System of Guangzhou CUHK Dongri Technology...
SQL injection vulnerability in the id parameter in Ticketmaster ERP web-based ticketing system /Sales/meb_his.aspx?id=
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...