Monthly Archive: May 2022
CVE-2022-28997
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. Date published : 2022-05-23
CVE-2022-28944
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18...
CVE-2022-28932
D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions. Date published : 2022-05-23 http://d-link.com
CVE-2022-28874
Multiple Denial-of-Service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files causes memory corruption and a heap buffer overflow, which can eventually crash the scanning engine. The...
CVE-2022-1825
Cross-site Scripting (XSS) – Reflected in GitHub repository collectiveaccess/providence prior to 1.8. Date published : 2022-05-23 https://huntr.dev/bounties/c6ad4cef-1b3d-472f-af0e-68e46341dfe5 https://github.com/collectiveaccess/providence/commit/49de453c8d4942d09fab230e8f242300c831e2a7
CVE-2022-1817
A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input 1 leads to an...
CVE-2022-1816
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input...
CVE-2022-1811
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Date published : 2022-05-23 https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
CVE-2022-1810
Improper Access Control in GitHub repository publify/publify prior to 9.2.9. Date published : 2022-05-23 https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce
CVE-2022-1558
The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability...
CVE-2022-1547
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting Date...
CVE-2022-1467
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the...
CVE-2022-1320
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...