Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.

The exit function will terminate the script and print the message to the user which has $_SERVER.

Thinkphp-bjyblog_project - thinkphp-bjyblog
Thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in.

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 1.0.6.

Sophos - unified_threat_management_up2date
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.

Showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).
Showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
Showdoc is vulnerable to URL Redirection to Untrusted Site.

substring in a ListBucketResult element.

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version.

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system.

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.

The AMDPowerProfiler.sys driver of the AMD μProf tool may allow lower privileged users to access MSRs in kernel, which may lead to privilege escalation and ring-0 code execution by the lower privileged user.

Attendance_management_system_project - attendance_management_system
Attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 64 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU on which the BCI is enabled to reboot when receiving a specially crafted message. By default, the BCI IEC 64 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions), CMU Firmware version 12.2.* (all versions), CMU Firmware version 12.4.* (all versions).