CVE-2022-29333
A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. Date published : 2022-05-24 http://cyberlink.com http://power.com
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the ‘working’ folder through the ‘Upload Files / Binaries’ functionality. Date published :...
VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit...
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. Date published : 2022-05-24 https://www.ibm.com/support/pages/node/6589601 https://exchange.xforce.ibmcloud.com/vulnerabilities/226951
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid...
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know...
Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/room-rent-portal-site/sql.md
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/xss.md
Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/room-rent-portal-site/xss.md
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/sql.md
Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/toll-tax-management-system/xss.md
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. Date published : 2022-05-24 https://github.com/mikeccltt/chatbot/blob/main/chatbot-app-suggestion-phpoop/xss.md
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. Date published : 2022-05-24 https://github.com/mikeccltt/automotive/blob/main/automotive-shop-management-system/sql.md
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. Date published : 2022-05-24 https://github.com/mikeccltt/wbms_bug_report/blob/main/water-billing-management-system/xss.md