Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions prior to Visual Planning 8 (Build 240207) are affected.
bdf19a1c93a8a216cff1545664827634a9baef8a83c8ebb7ba571f139ed08b7a
Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access to arbitrary user accounts including administrators. In case administrative (in the context of Visual Planning) accounts are compromised, attackers can install malicious modules into the application to take over the application server hosting the Visual Planning application. All versions prior to Visual Planning 8 (Build 240207) are affected.
317fc4e9931be1f5637f8b1a9a92f3305f2b80aa897d807f8b7b94af2fd3c671
A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route. The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses. If exploited, attackers are able to gain administrative access to the REST API version 2.0.
c55674b96230c64cac5bca2736c46d82917b5d83954b7346ec654295bd66eda4
Feng Office version 3.10.8.21 suffers from a persistent cross site scripting vulnerability.
ad3a7614cba9fce96ba0ef2c4100acb2e516bae93834f646720f56ca266fd5e3
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.
c59f5b4f5d044eb7838a408a25e1ddb8966666ed55c708660903f015ccf7e1b5
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.
635f60dcea426f833c149bf378a0e8ce1585c3548641f81eb1702cf39c8c50de
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.
4d58e0287f76d2e5689e86c7f6907829d0e768e9a60e0f2ac317c9153ee4e3b6
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.
74c4544a3c0353807fe286b034266f311ce4af6f554209e73f1d797e5fbff5cc
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3e
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
8f9e6fd28f6cfe91749cb218425046ee910787a3a9fd05dafed94fca09da5a72
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.
d7ac5458d2d0756d2d607450406a0027661faffb3740c59db51f83e2e7620fe8
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.
6ac6f7dc08e5aa36734a4a3929671a6b16c39f23cfa800f533b74b3aa6969051
Seo Panel version 4.7.0 suffers from a cross site scripting vulnerability.
b07abff2f49d2fe016305db3af08234302945203e601e991d4e73f2065cc5538
Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.
94d4f83975f87861e5de23afeddf375d89516755bb5f7b64deb215523821ad76
Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.
31f4b2bfcea7721b795130a73ea23eb4c455761a9210c8e57d648ef7f5a73b61
A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9
Linux versions starting with 6.5 suffer from a read-after-type-change of folio in cachestat() that leads to a kernel pointer leak.
9ed32c7cf46a882e510759c307e0ac2758225c4d00df31c8c83be548a01fd482
The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.
e8bf7735882d4c05983b6e675cc30c123bd15be6138cd6e0ef2ac21890428ded
User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d7b9220fd1f8abc396db42df756fbc5a76abf3925bf5357e6721975e8781e9cb
WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.
02cf8f42362fb411dc46a34c050893842dde9be08183674517277a5f694702c4
There is a memory corruption issue in the MFC media processing core on the Pixel 7. It occurs when decoding a malformed H264 stream in Chrome, likely to due to an out of bounds quantization parameter. A write to plane 0 that occurs during macroblock decoding extends past the allocated bounds of the plane, and can overwrite the motion vector (MV) buffer or cause a crash if the adjacent address is unmapped. Both of these allocations are DMA buffers and it is unclear whether this condition is exploitable.
03533e71b8963179a0ae3ad68550b9e5e705a79dd75292d232b287f1c47b89f6
SUPERAntiSpyware Professional X versions 10.0.1264 and below suffer from a privilege escalation vulnerability via dll hijacking.
51e69d31c1c8fb597a06f072d218ce2b5cab6a6aa62de2abc66818247fc4d320
WordPress Alemha Watermarker plugin version 1.3.1 suffers from a persistent cross site scripting vulnerability.
76321559ea1160efa358e69f808c3f1ddba706dca0a3064f8484614856b49b35