A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%’/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/’frfq%’=’frfq leads to sql injection....
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of...
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/xss.md
A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input leads to cross site scripting. The attack may...
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications,...
Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/room-rent-portal-site/sql.md
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. Date published : 2022-05-24 https://huntr.dev/bounties/8dfe0877-e44b-4a1a-8eee-5c03c93ae90a https://github.com/erudika/para/commit/fa677c629842df60099daa9c23bd802bc41b48d1
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting...
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know...
Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. Date published : 2022-05-24 https://huntr.dev/bounties/881f8f36-d5c8-470d-8261-f109e6d5db4b https://github.com/filegator/filegator/commit/fcd3995f64f5dfc6a4c2c059cc22a2fef1e81225
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report/blob/main/vendors/oretnom23/merchandise-online-store/SQL-1.md
Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. Date published : 2022-05-24 https://huntr.dev/bounties/07755f07-a412-4911-84a4-2f8c03c8f7ce https://github.com/filegator/filegator/commit/6e2b68f17f48cdc1d6a4a93a2369d2069fe64989
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. Date published : 2022-05-24 https://github.com/mikeccltt/badminton-center-management-system/blob/main/badminton-center-management-system.md
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and...
