CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

cvelist

CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 06:31 AM
vulnrichment

CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-23 06:31 AM
cvelist

CVE-2024-5109 Campcodes Complete Web-Based School Management System student_payment_history.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-20 12:31 AM
cvelist

CVE-2024-4909 Campcodes Complete Web-Based School Management System student_due_payment.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the...

6.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-15 07:00 PM
vulnrichment

CVE-2024-4909 Campcodes Complete Web-Based School Management System student_due_payment.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-15 07:00 PM
cvelist

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....

6.8 CVSS

7.2 AI Score

0.0004 EPSS

2024-04-25 04:30 PM
osv

CVE-2022-41947

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

5.4 CVSS

5.6 AI Score

0.0005 EPSS

2022-12-08 11:15 PM
5
cvelist

CVE-2024-5112 Campcodes Complete Web-Based School Management System student_profile.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-20 02:00 AM
vulnrichment

CVE-2024-5109 Campcodes Complete Web-Based School Management System student_payment_history.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-20 12:31 AM
cvelist

CVE-2024-5105 Campcodes Complete Web-Based School Management System student_payment_details.php sql injection

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-19 10:31 PM
vulnrichment

CVE-2024-5105 Campcodes Complete Web-Based School Management System student_payment_details.php sql injection

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-19 10:31 PM
ubuntucve

CVE-2024-35328

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.

Notes

Author | Note
---|---
jdstrand | golang-goyaml is a go translation of libyaml and shouldn't share implementation flaws, but may share design flaws
mdeslaur |...

6.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
3
vulnrichment

CVE-2024-5112 Campcodes Complete Web-Based School Management System student_profile.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated...

6.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-20 02:00 AM
cvelist

CVE-2024-5231 Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 03:00 AM
cvelist

CVE-2024-5115 Campcodes Complete Web-Based School Management System teacher_profile.php sql injection

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-20 03:31 AM
cvelist

CVE-2024-5239 Campcodes Complete Web-Based School Management System timetable_update_form.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 06:00 AM
1
cvelist

CVE-2024-5238 Campcodes Complete Web-Based School Management System timetable_insert_form.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack.....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 05:31 AM
cvelist

CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely......

6.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-15 06:31 PM
1
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.6 (RHSA-2023:6206)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6206 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

5.3 CVSS

7 AI Score

0.01 EPSS

2023-10-31 12:00 AM
40
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.4 (RHSA-2023:4909)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4909 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

9.8 CVSS

7.6 AI Score

0.059 EPSS

2023-09-04 12:00 AM
32
ubuntucve

CVE-2024-35326

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

Notes

Author | Note
---|---
jdstrand | golang-goyaml is a go translation of libyaml and shouldn't share...

6.6 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
nuclei

ThinkPHP 5.0.24 - Information Disclosure

ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing...

7.5 CVSS

7.2 AI Score

0.013 EPSS

2022-11-24 04:42 PM
44
nuclei

Splunk <=7.0.1 - Information Disclosure

Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license...

5.3 CVSS

4.9 AI Score

0.839 EPSS

2020-06-30 10:19 AM
17
osv

CVE-2024-31556

An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid...

7.2 AI Score

EPSS

2024-05-14 09:15 PM
4
vulnrichment

CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely......

6.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-15 06:31 PM
1
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.0 (RHSA-2022:7272)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7272 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

7 CVSS

7.2 AI Score

0.002 EPSS

2022-11-02 12:00 AM
11
cvelist

CVE-2024-4718 Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible...

3.5 CVSS

4.1 AI Score

0.0004 EPSS

2024-05-10 02:31 PM
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.3 (RHSA-2023:3420)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3420 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

8.1 AI Score

0.004 EPSS

2023-06-05 12:00 AM
6
openbugbounty

design-atelier.co.in Cross Site Scripting vulnerability OBB-3864663

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-05 03:27 AM
7
nessus

MicroLogix 1400 PLC Web Server Request Handling RCE

The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.004. It is, therefore, affected by a stack-based buffer overflow condition due to improper validation of user-supplied input when handling web requests. An unauthenticated, remote attacker can...

4.5 AI Score

2016-05-31 12:00 AM
18
broadcom

Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow a remote unauthenticated attacker to execute arbitrary code and use this to gain root access to the...

9.1 AI Score

0.0004 EPSS

2024-04-04 12:00 AM
6
cvelist

CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...

8 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-23 06:30 AM
3
hackread

Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure

By Waqas A tale of emerging cybercrime and embarrassment for the world's premier law enforcement agency. This is a post from HackRead.com Read the original post: Breach Forums Return to Clearnet and Dark Web Despite FBI...

7.3 AI Score

2024-05-28 01:44 PM
4
githubexploit

Exploit for CVE-2023-22515

Confluence Hack CVE-2023-22515 exploit.py Exploit to...

9.9 AI Score

2023-10-30 12:17 AM
271
vulnrichment

CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...

8 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-23 06:30 AM
3
nessus

Dell EMC Data Protection Central Web Interface Detected

Detects the web interface for Dell EMC Data Protection Central on the remote...

1.4 AI Score

2020-04-02 12:00 AM
17
github

Zendframework Potential XSS or HTML Injection vector in Zend_Json

Zend_Json_Encoder was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON...

6.3 AI Score

2024-06-07 09:52 PM
2
github

ZendFramework Potential Cross-site Scripting in Development Environment Error View Script

The default error handling view script generated using Zend_Tool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. Zend_Tool_Project_Context_Zf_ViewScriptFile was patched such that the view script template now...

6.2 AI Score

2024-06-07 09:20 PM
3
vulnrichment

CVE-2024-4718 Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible...

3.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-10 02:31 PM
ubuntucve

CVE-2024-35329

libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...

7.2 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
1
nessus

VMware Aria Operations For Networks Web Interface Detection

The web interface for VMware Aria Operations for Networks (formerly known as VMware vRealize Network Insight) was detected on the remote...

7.1 AI Score

2023-06-15 12:00 AM
11
nessus

Schneider Electric InduSoft Web Studio Arbitrary Script Execution

The Schneider Electric InduSoft Web Studio running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code by sending a specially crafted packet to the TCP/IP server listening on the default...

1.9 AI Score

2013-11-05 12:00 AM
10
cve

CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....

5.3 CVSS

6.6 AI Score

0.0005 EPSS

2024-05-21 12:15 PM
29
veracode

SQL Injection

Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email...

8.8 CVSS

8.1 AI Score

0.001 EPSS

2024-06-20 08:38 AM
8
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.8 (RHSA-2024:1318)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1318 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

7.5 CVSS

7.6 AI Score

0.005 EPSS

2024-03-18 12:00 AM
13
nessus

RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3.1 (RHSA-2020:2506)

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2506 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

7 CVSS

7.9 AI Score

0.922 EPSS

2020-06-10 12:00 AM
13
cvelist

CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...

4.4 CVSS

0.0004 EPSS

2024-06-12 11:01 PM
4
vulnrichment

CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...

4.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-06-12 11:01 PM
1
Total number of security vulnerabilities: 508210