Simple Client Management System 1.0 is vulnerable to SQL Injection via cmsadmin?page=client/manage_client&id=. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-1.md
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place —> id. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-2.md
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Money-Transfer-Management-System/SQLi-6.md
Money Transfer Management System 1.0 is vulnerable to SQL Injection via mtmsclassesMaster.php?f=delete_transaction. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Money-Transfer-Management-System/SQLi-5.md
Money Transfer Management System 1.0 is vulnerable to SQL Injection via mtmsclassesMaster.php?f=delete_fee. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Money-Transfer-Management-System/SQLi-4.md
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Money-Transfer-Management-System/SQLi-3.md
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. Date published : 2022-05-12 https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Money-Transfer-Management-System/SQLi-2.md
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation...
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources. Date published : 2022-05-12 https://www.gruppotim.it/it/footer/red-team.html https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. Date published : 2022-05-12 https://github.com/nginx/njs/commit/222d6fdcf0c6485ec8e175f3a7b70d650c234b4e https://github.com/nginx/njs/issues/467
Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c. Date published : 2022-05-12 https://github.com/Moddable-OpenSource/moddable/commit/135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 https://github.com/Moddable-OpenSource/moddable/issues/896
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. Date published : 2022-05-12 https://github.com/qinggan/phpok/issues/12
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. Date published : 2022-05-12 https://github.com/ionize/ionize/issues/405
IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. Date published : 2022-05-12 https://github.com/ionize/ionize/issues/404