Vulnerabilities

A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser.

Path Equivalence: &amp;#39;file.Name&amp;#39; (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.<br /> <br /> This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.<br /> <br /> If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:<br /> - writes enabled for the default servlet (disabled by default)<br /> - support for partial PUT (enabled by default)<br /> - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads<br /> - attacker knowledge of the names of security sensitive files being uploaded<br /> - the security sensitive files also being uploaded via partial PUT<br /> <br /> If all of the following were true, a malicious user was able to perform remote code execution:<br /> - writes enabled for the default servlet (disabled by default)<br /> - support for partial PUT (enabled by default)<br /> - application was using Tomcat&amp;#39;s file based session persistence with the default storage location<br /> - application included a library that may be leveraged in a deserialization attack<br /> <br /> Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.

VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.

Improper Control of Generation of Code (&amp;#39;Code Injection&amp;#39;) vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.

Improper Control of Filename for Include/Require Statement in PHP Program (&amp;#39;PHP Remote File Inclusion&amp;#39;) vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.

Improper Control of Filename for Include/Require Statement in PHP Program (&amp;#39;PHP Remote File Inclusion&amp;#39;) vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.

Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.