Zsmaaa

Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System (affected versions not specified) Description A cross-site scripting issue exists due to manipulation of the `batch` argument in the Class Schedule Deletion Endpoint, specifically within the file '/admin/class%20schedule/delete batch.php'. The attack can be launched remotely. The exploit has been publicly disclosed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Textpattern versions prior to 4.9.2 Description A security issue exists in Textpattern up to version 4.9.1. The `mt uploadImage` function within the `rpc/TXP RPCServer.php` file, part of the XML-RPC Handler component, is susceptible to path traversal due to manipulation of the `file.name` argument. This allows for remote exploitation. The details of the exploit have been publicly disclosed. Recommendations Update to version 4.9.2 or later.

**Name of the Vulnerable Software and Affected Versions** Acrel Environmental Monitoring Cloud Platform version 1.1.0 **Description** A flaw exists in Acrel Environmental Monitoring Cloud Platform that allows for unrestricted file uploads due to manipulation of an unknown process. The issue can be exploited remotely. The exploit has been publicly released. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** doramart DoraCMS versions 3.0.x **Description** A flaw exists in the processing of the `/api/v1/mail/send` file within the Email API component. This improper handling results in insufficient authentication. Remote attackers can exploit this issue. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DoraCMS versions 3.0.x **Description** A security flaw exists in DoraCMS 3.0.x related to path traversal. This issue is present in the `createFileBypath` function within the `/DoraCMS/server/app/router/api/v1.js` file. A manipulation of the system allows for path traversal, and the attack can be initiated remotely. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ShuoRen Smart Heating Integrated Management Platform version 1.0.0 **Description** A flaw exists in ShuoRen Smart Heating Integrated Management Platform version 1.0.0, related to an unknown functionality within the file `/MP/Service/Webservice/ExampleNodeService.asmx`. Manipulation of the `File` argument can lead to unrestricted file upload, allowing for remote exploitation. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.