An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not…

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. Devamını Oku

eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. Devamını Oku

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. Devamını Oku

SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. Devamını Oku

Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. Devamını Oku

Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. Devamını Oku

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. Devamını Oku

Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. Devamını Oku

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. Devamını Oku