A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered…

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered…

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not…

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. Devamını Oku

eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. Devamını Oku

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. Devamını Oku

SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. Devamını Oku

Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. Devamını Oku

Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. Devamını Oku

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. Devamını Oku