A vulnerability was found in xujiangfei admintwo 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/home. The manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.
A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called b15e29021d326be127193a5dbbd528c4e37e6324. Applying a patch is advised to resolve this issue.
A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960.
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability.
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.