Tag
#php
Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.
pgAdmin versions 8.4 and earlier are affected by a remote reverse connection execution vulnerability via the binary path validation API.
SPIP version 4.2.7 suffers from a code execution vulnerability.
Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.
Hostel Management System version 1.0 suffers from an arbitrary file upload vulnerability.
File Management System version 1.0 suffers from a cross site request forgery vulnerability.
Faculty Evaluation System version 1.0 suffers from a cross site request forgery vulnerability.
eClass LMS version 6.2.0 suffers from a remote shell upload vulnerability.
Free Hospital Management System for Small Practices version 1.0 suffers from a cross site request forgery vulnerability.
This Metasploit module exploits several authenticated SQL injection vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modify_email_accounts parameter. Injection point 2 is on vicidial/admin.php when adding a user, in the access_recordings parameter. Injection point 3 is on vicidial/admin.php when adding a user, in the agentcall_email parameter. Injection point 4 is on vicidial/AST_agent_time_sheet.php when adding a user, in the agent parameter. Injection point 5 is on vicidial/user_stats.php when adding a user, in the file_download parameter. VICIdial does not encrypt passwords by default.