ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.) Date published : 2021-07-29 https://www.objectplanet.com/opinio/changelog.html https://packetstormsecurity.com/files/163699/ObjectPlanet-Opinio-7.12-Cross-Site-Scripting.html
Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. Date published : 2021-07-29 https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. Date published : 2021-07-29 https://github.com/flatpressblog/flatpress/issues/64 https://www.baomatcoban.info/2020/04/funnymini0day-flatpress-11-cross-site.html
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. Date published : 2021-07-29 https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68 https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html
SQL Injection vulnerability in NukeViet CMS 4.0.10 – 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. Date published : 2021-07-29 https://github.com/nukeviet/nukeviet/blob/4.3.08/CHANGELOG.txt#L11 https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. Date published : 2021-07-29 https://github.com/sword1991912/metinfo/issues/1
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. Date published : 2021-07-29 https://www.cnblogs.com/echod/articles/10380909.html
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. Date published : 2021-07-29 https://github.com/je6k/ctf-challenges/blob/master/poc.txt
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there’s a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack...
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations. Date published : 2021-07-28...
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number...
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. Date published : 2021-07-28 https://www.exploit-db.com/exploits/49740
A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. Date published : 2021-07-28 https://www.exploit-db.com/exploits/49741
A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster’s confidential...