DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. Date published : 2020-08-27 https://cxsecurity.com/issue/WLB-2020030177 https://packetstormsecurity.com/files/156959/DesignMasterEvents-CMS-1.0-SQL-Injection-Cross-Site-Scripting.html
13enforme CMS 1.0 has SQL Injection via the ‘content.php’ id parameter. Date published : 2020-08-27 https://packetstormsecurity.com/files/157094/13enforme-CMS-SQL-Injection-Cross-Site-Scripting.html
SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php" Date published : 2020-08-27 https://cxsecurity.com/issue/WLB-2020030150 https://packetstormsecurity.com/files/156939/Soluzione-Globale-Ecommerce-CMS-1-SQL-Injection.html
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the ‘team.php,player.php,club.php’ id parameter. Date published : 2020-08-27 https://packetstormsecurity.com/files/157049/KandNconcepts-Club-CMS-1.1-1.2-Cross-Site-Scripting-SQL-Injection.html
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the ‘content.php’ id parameter. Date published : 2020-08-27 https://cxsecurity.com/issue/WLB-2020030174 https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Injection-Cross-Site-Scripting.html
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the ‘search.php’ id parameter. Date published : 2020-08-27 https://cxsecurity.com/issue/WLB-2020030174 https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Injection-Cross-Site-Scripting.html
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags). Date published : 2020-08-27 https://cxsecurity.com/issue/WLB-2020050071 https://packetstormsecurity.com/files/157599/Create-Project-Manager-1.07-Cross-Site-Scripting-HTML-Injection.html
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the ‘team.php,player.php,club.php’ id parameter. Date published : 2020-08-27 https://packetstormsecurity.com/files/157049/KandNconcepts-Club-CMS-1.1-1.2-Cross-Site-Scripting-SQL-Injection.html
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which...
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. Date published : 2020-08-27 https://vimeo.com/427083932
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. Date published : 2020-08-27 https://medium.com/@reliable_lait_mouse_975/mercedes-comand-infotainment-improper-format-strings-handling-4c67063d744e
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling...
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor...
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Date published : 2020-08-27 https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 https://usn.ubuntu.com/4467-1/