CVE-2020-28914
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as...
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Date published : 2020-11-17 Artworks Gallery IN PHP, CSS, JavaScript, AND MYSQL |...
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Date published : 2020-11-17 Artworks Gallery IN PHP, CSS, JavaScript, AND MYSQL |...
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke...
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. Date published : 2020-11-17 https://github.com/sartlabs/0days/tree/main/WBS https://research-labs.net/search/exploits/water-billing-system-10-username-and-password-parameters-sql-injection
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. Date published : 2020-11-17 https://www.exploit-db.com/exploits/48438 https://www.sourcecodester.com/php/14185/online-clothing-store.html
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. Date published : 2020-11-17 https://www.exploit-db.com/exploits/48426 https://www.sourcecodester.com/php/14185/online-clothing-store.html
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. Date published : 2020-11-17 https://www.exploit-db.com/exploits/48429 https://www.sourcecodester.com/php/14185/online-clothing-store.html
An arbitrary file upload vulnerability in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page. Date published : 2020-11-17 https://phpgurukul.com/tourism-management-system-free-download/ https://www.exploit-db.com/exploits/48892
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php....
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos...
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields ‘Package Name’ and ‘Description’. Date published : 2020-11-17 https://www.exploit-db.com/exploits/48941...
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id= Date published : 2020-11-17 http://packetstormsecurity.com/files/160128/PESCMS-TEAM-2.3.2-Cross-Site-Scripting.html https://github.com/lazyphp/PESCMS-TEAM/issues/6
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. Date published : 2020-11-17 BASETech IP camera analysis