H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. Date published : 2022-01-28 https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md https://www.hhg-multistore.com/
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module....
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. Date published : 2022-01-28 https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md https://www.hhg-multistore.com/
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. Date published : 2022-01-28 https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md https://www.hhg-multistore.com/
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. Date published : 2022-01-28 https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md https://www.hhg-multistore.com/
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. Date published : 2022-01-28 https://docs.suitecrm.com/8.x/admin/releases/8.0/ https://docs.suitecrm.com/admin/releases/7.12.x/
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. Date published : 2022-01-28 https://docs.suitecrm.com/8.x/admin/releases/8.0/ https://docs.suitecrm.com/admin/releases/7.12.x/
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. Date published : 2022-01-28 https://docs.suitecrm.com/8.x/admin/releases/8.0/ https://docs.suitecrm.com/admin/releases/7.12.x/
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. Date published : 2022-01-28 https://kuiilsec.github.io/blog/cve-2021-45436/
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement...
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. Date...
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can...
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can...
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can...