An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.