‼ CVE-2022-3013 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.
‼ CVE-2022-3014 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.
‼ CVE-2022-3012 ‼
via "National Vulnerability Database".
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability.
‼ CVE-2022-3015 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.
‼ CVE-2022-2787 ‼
via "National Vulnerability Database".
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
‼ CVE-2022-38791 ‼
via "National Vulnerability Database".
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
‼ CVE-2022-38792 ‼
via "National Vulnerability Database".
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.
‼ CVE-2022-38794 ‼
via "National Vulnerability Database".
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
‼ CVE-2022-3016 ‼
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0285.
‼ CVE-2022-36705 ‼
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.
‼ CVE-2022-36708 ‼
via "National Vulnerability Database".
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.
‼ CVE-2022-36707 ‼
via "National Vulnerability Database".
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/bookdetails.php.
‼ CVE-2022-36706 ‼
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.
‼ CVE-2022-36704 ‼
via "National Vulnerability Database".
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.
🕴 Microsoft 365 Empowers Business Users to Shoot Themselves in the Foot 🕴
via "Dark Reading".
Citizen development allows users to design creative solutions for immediate problems, but it requires training and oversight to avoid security holes.
‼ CVE-2022-38511 ‼
via "National Vulnerability Database".
TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.
‼ CVE-2022-36573 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.
‼ CVE-2022-36615 ‼
via "National Vulnerability Database".
TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
‼ CVE-2022-36613 ‼
via "National Vulnerability Database".
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
‼ CVE-2022-36610 ‼
via "National Vulnerability Database".
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
‼ CVE-2022-38510 ‼
via "National Vulnerability Database".
Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.