Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. Date published : 2021-07-23 https://github.com/BigTiger2020/E-Commerce-Website/blob/main/E-Commerce%20Website%20-upload.md
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. Date published : 2021-07-23 https://github.com/BigTiger2020/Responsive-Ordering-System/blob/main/Responsive%20Ordering%20System.md
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php. Date published : 2021-07-23 https://github.com/BigTiger2020/E-Commerce-Website/blob/main/E-Commerce%20Website-xss.md
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to CMSsite-masteradminincludesadmin_add_post.php. Date published : 2021-07-23 https://github.com/TCSWT/Victor-CMS/blob/main/README.md
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. Date published : 2021-07-23 https://github.com/TCSWT/Learning-Management-System/blob/main/README.md
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. Date published : 2021-07-23 https://hackerone.com/reports/808942 https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB...
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming...
ASRock 4×4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. Date published : 2021-07-23 https://dannyodler.medium.com/attacking-the-golden-ring-on-amd-mini-pc-b7bfb217b437 https://www.asrock.com/support/index.us.asp?cat=BIOS
Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control. Date...
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or...
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel...
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. Date published :...
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. Date published : 2021-07-22 http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com