CVE-2020-28008
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in...
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files...
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to...
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. Date published : 2021-05-05 https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-05 https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior...
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core...