An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.