CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. Date...
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. Date published : 2022-03-31 https://github.com/maccmspro/maccms10/issues/18
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. Date published : 2022-03-31 https://raw.githubusercontent.com/Sentinal920/Findings/main/Simple%20Client%20Management%20System/sql.txt
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. Date published : 2022-03-31 https://raw.githubusercontent.com/Sentinal920/Findings/main/Simple%20Client%20Management%20System/xss.txt
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. Date published :...
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. Date published : 2022-03-31 https://github.com/mikaelstaer/The-Secretary/issues/10
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. Date published :...
A Cross Site Scripting (XSS) vulnerability exists in htmly 2.8.1 via the Copyright field in the /admin/config page. Date published : 2022-03-31 http://rlsec.xyz/vulns/CVE_2021_42946.html
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. Date published :...
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. Date published :...
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. Date published : 2022-03-31 http://rlsec.xyz/vulns/CVE_2021_42867.html https://rlsec.xyz/vulns/
A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php. Date published : 2022-03-31 http://rlsec.xyz/vulns/CVE_2021_42866.html
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service. Date published :...
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. Date published : 2022-03-31 https://github.com/Dolibarr/dolibarr/commit/abb1ad6bf0469eccd2b58beb20bdabc18fc36e22