‼ CVE-2022-25079 ‼
📖 Read
via "National Vulnerability Database".
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24614 ‼
📖 Read
via "National Vulnerability Database".
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25355 ‼
📖 Read
via "National Vulnerability Database".
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44566 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting vulnerability exists RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25073 ‼
📖 Read
via "National Vulnerability Database".
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24582 ‼
📖 Read
via "National Vulnerability Database".
Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25082 ‼
📖 Read
via "National Vulnerability Database".
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24566 ‼
📖 Read
via "National Vulnerability Database".
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25076 ‼
📖 Read
via "National Vulnerability Database".
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3886 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24613 ‼
📖 Read
via "National Vulnerability Database".
metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25078 ‼
📖 Read
via "National Vulnerability Database".
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25360 ‼
📖 Read
via "National Vulnerability Database".
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25292 ‼
📖 Read
via "National Vulnerability Database".
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25074 ‼
📖 Read
via "National Vulnerability Database".
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-25058 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21179 ‼
📖 Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25405 ‼
📖 Read
via "National Vulnerability Database".
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25401 ‼
📖 Read
via "National Vulnerability Database".
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24407 ‼
📖 Read
via "National Vulnerability Database".
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23916 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.📖 Read
via "National Vulnerability Database".