SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. Date published : 2020-12-23 http://packetstormsecurity.com/files/160606/Library-Management-System-1.0-SQL-Injection.html https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html
SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea...
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the ‘id’ parameter. Date published : 2020-12-23 http://packetstormsecurity.com/files/160583/Alumni-Management-System-1.0-Blind-SQL-Injection.html
Marital – Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously...
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it...
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. Date published : 2020-12-23 https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. Date published :...
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. Date published : 2020-12-23 https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. Date published : 2020-12-23 https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. Date published : 2020-12-23 https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Date published : 2020-12-23 https://www.qnap.com/zh-tw/security-advisory/qsa-20-17
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Date published : 2020-12-23 https://www.qnap.com/zh-tw/security-advisory/qsa-20-17
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Date published :...
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in...