This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters are not properly sanitized, allowing malicious attackers to send a crafted URL and execute code in the context of the user's browser. | |
------------------------------------------ | |
Additional Information: | |
CVE-Reference: CVE-2018-11628 | |
Product: EMS Master Calendar | |
Vendor: EMS Software | |
Vulnerable Version: Before 8.0.0.20180521 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: SageCell Python Web Injection Vulnerability | |
# Google Dork: | |
# Date: 10/13/19 | |
# Exploit Author: Christopher J. Barretto @ Advoqt | |
# Vendor Homepage: www.advoqt.com | |
# Software Link: https://sagecell.sagemath.org/ | |
# Version: SageCell - ALL VERSIONS | |
# Tested on: Unix | |
# CVE : CVE-2019-17526 (issued in progress) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author: Christopher J. Barretto | |
Organization: GraVoc | |
CVE ID: CVE-2023-33524 | |
Name of Product: Advent/SSC Inc. Tamale RMS | |
Affection Version: Tamale RMS - All versions under 23.1 |