Comparison Overview

A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

• https://github.com/24ggee/CVE/issues/1
• https://itsourcecode.com/
• https://vuldb.com/?ctiid.338330
• https://vuldb.com/?id.338330
• https://vuldb.com/?submit.721321

C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.

• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123025
• https://github.com/KermitProject/ckermit/pull/20
• https://www.complete.org/kermit/
• https://www.kermitproject.org/ftp/kermit/test/tar/

Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server.

• https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2024/icsa-24-263-04.json
• https://megasys.com/support/
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-04

Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability.

• https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-111413-Security-Notice.pdf

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.

• https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#921