
#windows

Music Gallery Site 1.0 Privilege Escalation / Missing Authentication

Music Gallery Site version 1.0 suffers from a missing authentication vulnerability that allows for privilege escalation.

Packet Storm

Employee Task Management System 1.0 SQL Injection

Employee Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Employee Task Management System 1.0 Privilege Escalation

Employee Task Management System version 1.0 suffers from a privilege escalation vulnerability due to broken access control, where a lower-privileged user's cookie can be leveraged to take over an administrative account.

Auto Dealer Management System 1.0 SQL Injection

Auto Dealer Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Auto Dealer Management System 1.0 Privilege Escalation

Auto Dealer Management System version 1.0 suffers from a privilege escalation vulnerability due to broken access control, where a lower-privileged user's cookie can be leveraged to take over an administrative account.

Kshitish 2.0 Default Credentials

Kshitish Multipurpose eCommerce Platform version 2.0 leaves default administrative credentials in place after installation.

CVE-2023-1007: WindowsKernelVuln/unassigned2 at master · zeze-zeze/WindowsKernelVuln

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.

CVE-2023-1009: Vuln/1.md at main · xxy1126/Vuln

A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.

Threat Round up for February 17 to February 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 17 and Feb. 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed...

CVE-2023-0997: bug_report/SQLi-1.md at main · jidle123/bug_report

A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732.