Operation And Maintenance Security Management System versions up to 3.0.12. contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Unrestricted file upload in code-projects Online Examination System 1.0 via the /admin_pic.php endpoint allows authenticated remote attackers to upload arbitrary files with minimal complexity. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable code execution or system compromise depending on server configuration and file handling.
Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.
A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. [CVSS 3.5 LOW]
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. [CVSS 3.3 LOW]
Out-of-bounds write in GPAC's SRT subtitle import functionality (versions up to 2.4.0) allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Local access is required to exploit this flaw, limiting the attack surface to authenticated users on the affected system.
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the physical device. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this di...
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. [CVSS 3.7 LOW]
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. [CVSS 3.3 LOW]
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. [CVSS 3.1 LOW]
Tanium addressed an improper input validation vulnerability in Discover. [CVSS 2.7 LOW]
Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 6.3).
Unrestricted file upload in iJason-Liu Books_Manager allows authenticated attackers with high privileges to upload arbitrary files via the book_cover parameter in the upload_bookCover.php controller. Public exploit code exists for this vulnerability, increasing the risk of exploitation. A patch is not currently available for this rolling-release product.
A vulnerability has been found in iJason-Liu Books_Manager versions up to 298 is affected by cross-site scripting (xss) (CVSS 2.4).