βΌ CVE-2022-32345 βΌ
π Read
via "National Vulnerability Database".
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32347 βΌ
π Read
via "National Vulnerability Database".
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32338 βΌ
π Read
via "National Vulnerability Database".
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32557 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32559 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32342 βΌ
π Read
via "National Vulnerability Database".
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31289 βΌ
π Read
via "National Vulnerability Database".
https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. ΓΒΆΓΒΆ 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29618 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the userΓ’β¬β’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30903 βΌ
π Read
via "National Vulnerability Database".
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31590 βΌ
π Read
via "National Vulnerability Database".
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around systemΓ’β¬β’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32364 βΌ
π Read
via "National Vulnerability Database".
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32365 βΌ
π Read
via "National Vulnerability Database".
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31595 βΌ
π Read
via "National Vulnerability Database".
SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32235 βΌ
π Read
via "National Vulnerability Database".
When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29238 βΌ
π Read
via "National Vulnerability Database".
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32366 βΌ
π Read
via "National Vulnerability Database".
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29614 βΌ
π Read
via "National Vulnerability Database".
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31589 βΌ
π Read
via "National Vulnerability Database".
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2022-29615 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21504 βΌ
π Read
via "National Vulnerability Database".
The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-32367 βΌ
π Read
via "National Vulnerability Database".
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=.π Read
via "National Vulnerability Database".