‼ CVE-2022-28523 ‼
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
via "National Vulnerability Database".
‼ CVE-2022-28059 ‼
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.
via "National Vulnerability Database".
‼ CVE-2022-28450 ‼
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client's browser.
via "National Vulnerability Database".
‼ CVE-2022-28918 ‼
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
via "National Vulnerability Database".
‼ CVE-2022-28448 ‼
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (customer role) can inject JavaScript code into the First name or Last name fields under Customer Info.
via "National Vulnerability Database".
‼ CVE-2022-28449 ‼
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system.
via "National Vulnerability Database".
‼ CVE-2022-28058 ‼
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.
via "National Vulnerability Database".
‼ CVE-2022-28527 ‼
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.
via "National Vulnerability Database".
‼ CVE-2022-28524 ‼
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.
via "National Vulnerability Database".
🕴 How Do I Report My Security Program's ROI? 🕴
If security leaders focus on visibility and metrics, they can demonstrate their program's value to company leadership and boards.
via "Dark Reading".
🕴 Log4j Attack Surface Remains Massive 🕴
Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.
via "Dark Reading".
‼ CVE-2022-26564 ‼
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
via "National Vulnerability Database".
‼ CVE-2022-27888 ‼
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
via "National Vulnerability Database".
‼ CVE-2022-27331 ‼
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
via "National Vulnerability Database".
‼ CVE-2022-27332 ‼
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
via "National Vulnerability Database".
‼ CVE-2022-28085 ‼
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
via "National Vulnerability Database".
‼ CVE-2022-29700 ‼
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
via "National Vulnerability Database".
‼ CVE-2021-41041 ‼
In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
via "National Vulnerability Database".
‼ CVE-2022-29701 ‼
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
via "National Vulnerability Database".
‼ CVE-2022-1503 ‼
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross-site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory.
via "National Vulnerability Database".
‼ CVE-2022-29810 ‼
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
via "National Vulnerability Database".