Magánszemélyeknek

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and...

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to...

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code....

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database...

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible...

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can...