Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. Zafiyet…

A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation…

The “Add category” functionality inside the “Global Keywords” menu in “SeedDMS” version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to…

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The “Remove file” functionality inside the “Log files management” menu does not sanitize user input allowing…

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the “Role management”…

A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ – 10 allows attackers to execute arbitrary web scripts or HTML…

Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function. Zafiyet ile ilgili Genel Bilgi,…

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request…

In Afian Filerun 20220202, lack of sanitization of the POST parameter “metadata[]” in `/?module=fileman&section=get&page=grid` leads to SQL injection. Zafiyet ile ilgili Genel Bilgi, Etki ve…

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)…