βΌ CVE-2022-40322 βΌ
π Read
via "National Vulnerability Database".
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40324 βΌ
π Read
via "National Vulnerability Database".
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37794 βΌ
π Read
via "National Vulnerability Database".
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36254 βΌ
π Read
via "National Vulnerability Database".
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".π Read
via "National Vulnerability Database".
βΌ CVE-2022-37796 βΌ
π Read
via "National Vulnerability Database".
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-36257 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36259 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36258 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".π Read
via "National Vulnerability Database".
βΌ CVE-2022-36255 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".π Read
via "National Vulnerability Database".
βΌ CVE-2022-34109 βΌ
π Read
via "National Vulnerability Database".
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38972 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34110 βΌ
π Read
via "National Vulnerability Database".
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34108 βΌ
π Read
via "National Vulnerability Database".
An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36256 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".π Read
via "National Vulnerability Database".
ποΈ WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins ποΈ
π Read
via "The Daily Swig".
Project mission is to crowdsource the indexing and curating of plugin bug dataπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins
Project mission is to crowdsource the indexing and curating of plugin bug data
ποΈ Vulnerability in Xalan-J could allow arbitrary code execution ποΈ
π Read
via "The Daily Swig".
Open source project is used by various SAML implementationsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Vulnerability in Xalan-J could allow arbitrary code execution
Open source project is used by various SAML implementations
βΌ CVE-2022-37767 βΌ
π Read
via "National Vulnerability Database".
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbokπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37734 βΌ
π Read
via "National Vulnerability Database".
graphql-java before19.0 is vulnerable to Denial of Service. An attacker send a malicious GraphQL query that consumes CPU resources.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37797 βΌ
π Read
via "National Vulnerability Database".
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.π Read
via "National Vulnerability Database".
β How to deal with dates and times without any timezone tantrumsβ¦ β
π Read
via "Naked Security".
Heartfelt encouragement to embrace RFC 3339 - find out why!π Read
via "Naked Security".
Naked Security
How to deal with dates and times without any timezone tantrumsβ¦
Heartfelt encouragement to embrace RFC 3339 β find out why!
βΌ CVE-2022-3178 βΌ
π Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.π Read
via "National Vulnerability Database".