Vulnerabilities

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application's database. This vulnerability is caused by the improper handling of the cod_agenda request parameter, which is directly concatenated into multiple SQL queries without proper sanitization. This issue has been patched in commit b473f92.

A reflected cross-site scripted (XSS) vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter.

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.

Improper Control of Generation of Code (&amp;#39;Code Injection&amp;#39;) vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.<br /> <br /> <br /> The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that if discovered can be used by an attacker. If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class.  <br /> <br /> <br /> This issue affects:<br /> <br /> DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541<br /> <br /> DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833<br /> <br /> DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628<br /> <br /> DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279<br /> <br /> DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344<br /> <br /> DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063<br /> <br /> DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964<br /> <br /> DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525<br /> <br /> DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410<br /> DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727<br /> DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851<br /> <br /> <br /> DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198<br /> <br /> DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957<br /> <br /> DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587<br /> <br /> DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669<br /> <br /> DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364<br /> <br /> DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776<br /> <br /> DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458<br /> <br /> DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316<br /> <br /> DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309<br /> DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856<br /> <br /> DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189<br /> <br /> DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125<br /> DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired<br /> <br /> DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858<br /> <br /> DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162<br /> <br /> DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856<br /> <br /> DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430<br /> <br /> DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023<br /> <br /> DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339<br /> DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430<br /> <br /> DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183<br /> <br /> DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022

Improper Control of Generation of Code (&amp;#39;Code Injection&amp;#39;) vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.<br /> <br /> The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log information to.  If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker could cause java script to be written to a log file.  If the log file was in the correct location with the correct extension, an application server could see that log file as a resource to be served.  The attacker could fetch the resource from the server causing the java script to be executed.<br /> <br /> <br /> <br /> <br /> <br /> This issue affects:<br /> <br /> <br /> <br /> DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541<br /> <br /> DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833<br /> <br /> DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628<br /> <br /> DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279<br /> <br /> DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344<br /> <br /> DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063<br /> <br /> DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964<br /> <br /> DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525<br /> <br /> DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410<br /> DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727<br /> DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851<br /> <br /> <br /> DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198<br /> <br /> DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957<br /> <br /> DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587<br /> <br /> DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669<br /> <br /> DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364<br /> <br /> DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776<br /> <br /> DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458<br /> <br /> DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316<br /> <br /> DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309<br /> DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856<br /> <br /> <br /> DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189<br /> <br /> DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125<br /> DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired<br /> <br /> DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858<br /> <br /> DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162<br /> <br /> DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856<br /> <br /> DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430<br /> <br /> DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023<br /> <br /> DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339<br /> DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430<br /> <br /> DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183<br /> <br /> DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and compromise system integrity.