Packet Storm

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.

Seo Panel version 4.7.0 suffers from a cross site scripting vulnerability.

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

Linux versions starting with 6.5 suffer from a read-after-type-change of folio in cachestat() that leads to a kernel pointer leak.