93 matches found
PT-2023-21724 · Unknown · Smartcars 3
Name of the Vulnerable Software and Affected Versions: smartCARS 3 versions 0.5.8 and prior Description: The issue affects smartCARS 3, a flight tracking software. In the affected versions, failed login attempts result in passwords being stored in error logs. This does not occur in version 0.5.9...
CVE-2023-22476
Summary: CVE-2023-22476 affects MantisBT (Mantis Bug Tracker) before 2.25.6 where insufficient access checks allow any logged‑in user with Group Actions privileges to read the Summary of private issues via a crafted bug_arr[] in bug_actiongroup_ext.php. Root cause: inadequate access control on pr...
CVE-2022-31068 Sensitive Data Exposure on Refused Inventory Files in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated...
Chinese Spies Hacked a Livestock App to Breach US State Networks
Vulnerabilities in animal tracking software USAHERDS and Log4j gave the notorious APT41 group a foothold in multiple government systems...
JetBrains YouTrack Server-Side Template Injection Vulnerability (CNVD-2022-17758)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack is vulnerable to server-side template injection, which can be exploited by attackers to perform SSTI server-side template injection attacks...
JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91661)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that could ...
Unspecified Vulnerability in JetBrains YouTrack (CNVD-2021-09914)
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack before 2020.6.1767, which stems from a...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack that stems from doing improper resourc...
Facial recognition: tech giants take a step back
Last week, a few major tech companies informed the public that they will not provide facial recognition software to law enforcement. These companies are concerned about the way in which their technology might be used. What happens when software that threatens our privacy falls into the hands of...
gps-server.net GPS Tracking Software (self hosted) Remote Code Execution Vulnerability
gps-server.net GPS Tracking Software self hosted is a GPS location tracking program. The program is able to manage tracking history, reports, events, notifications and more. A security vulnerability exists in the 'writeLog' function in the fncommon.php file in gps-server.net GPS Tracking Software...
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your...
CVE-2017-17097
gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...
CVE-2017-17097
gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...
CVE-2017-17098
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
Cross site request forgery (csrf)
gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...
CVE-2017-17098
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
Cross site request forgery (csrf)
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
CVE-2017-17098
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
CVE-2017-17097
gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...
CVE-2017-17098
CVE-2017-17098 affects gps-server.net GPS Tracking Software (self hosted) up to version 3.0. The vulnerability is in the writeLog function in fn_common.php, where crafted input logged during admin log viewing can cause remote code execution by injecting PHP code (example: in a login request). Co...