# windows

#vulnerability #web #windows #microsoft #redis #backdoor #auth #telnet

Active eCommerce CMS 6.3.0 Cross Site Scripting

Active eCommerce CMS version 6.3.0 suffers from a cross site scripting vulnerability.

2 years ago

Packet Storm

Active eCommerce CMS 6.3.0 Arbitrary File Download

#xss #vulnerability #web #windows #apple #ubuntu #linux #js #auth #chrome #webkit #ssl

Active eCommerce CMS version 6.3.0 suffers from an arbitrary file download vulnerability.

2 years ago

Packet Storm

CVE-2022-40483: Bug_report/SQLi-1.md at main · Geoduck-CNN/Bug_report

#vulnerability #web #windows #apple #ubuntu #linux #js #auth #chrome #webkit #ssl

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php.

2 years ago

CVE-2022-40485: Bug_report/SQLi-3.md at main · Geoduck-CNN/Bug_report

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php.

2 years ago

CVE-2022-40484: Bug_report/SQLi-2.md at main · Geoduck-CNN/Bug_report

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php.

2 years ago

CVE-2022-39219: Use basic auth can bypass write permission limit · Issue #200 · brokercap/Bifrost

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

2 years ago

CVE-2022-40404: Bug_report/SQLi-2.md at main · wshark00/Bug_report

#sql #windows #linux #js #git #java #auth #firefox

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php.

2 years ago