Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not sufficiently sanitize input data when showing data from the SD Card; an attacker can navigate...
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. Date published : 2022-03-28...
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : Date published : 2022-03-28 https://github.com/leanote/desktop-app/issues/364
A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. Date published : 2022-03-28 https://github.com/diyhi/bbs/issues/51
A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. Date published : 2022-03-28 https://github.com/diyhi/bbs/issues/51
A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. Date published : 2022-03-28 https://github.com/diyhi/bbs/issues/51
A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. Date published : 2022-03-28 https://github.com/diyhi/bbs/issues/51
An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially...
A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. Date published : 2022-03-28 https://github.com/diyhi/bbs/issues/51
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code. Date published : 2022-03-28 https://github.com/diyhi/bbs/issues/51
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated...