In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them. Date published :...
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. Date published : 2020-12-18 http://packetstormsecurity.com/files/160631/Spiceworks-7.5-HTTP-Header-Injection.html https://github.com/Ramikan/Vulnerabilities/blob/master/Spiceworks%20version%207.5%20HTTP%20Header%20Injection
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access...
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an...
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. Date published : 2020-12-18 https://www.mitel.com/support/security-advisories
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view...
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. Date published : 2020-12-18 https://www.mitel.com/support/security-advisories
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. Date published : 2020-12-18 https://www.mitel.com/support/security-advisories
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter ‘section’. Date published : 2020-12-18...
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Date published : 2020-12-18 http://packetstormsecurity.com/files/160635/SCO-Openserver-5.0.7-Command-Injection.html https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20OS%20Command%20Injection%20Vulnerability
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. Date published : 2020-12-18 https://www.mitel.com/support/security-advisories
SQL injection vulnerability in the wp_where function in WeiPHP 5.0. Date published : 2020-12-18 https://github.com/Y4er/Y4er.com/blob/master/content/post/weiphp-exp-sql.md
WeiPHP 5.0 does not properly restrict access to pages, related to using POST. Date published : 2020-12-18 https://github.com/Y4er/Y4er.com/blob/master/content/post/weiphp5-unauthorized.md
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. Date published : 2020-12-18 https://y4er.com/post/zzzphp-rce/