βΌ CVE-2022-43164 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".π Read
via "National Vulnerability Database".
βΌ CVE-2021-38729 βΌ
π Read
via "National Vulnerability Database".
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38733 βΌ
π Read
via "National Vulnerability Database".
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38728 βΌ
π Read
via "National Vulnerability Database".
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36858 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43229 (simple_cold_storage_managment_system) βΌ
π Read
via "National Vulnerability Database".
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2474 βΌ
π Read
via "National Vulnerability Database".
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the Γ’β¬ΕEthernet Q CommandsΓ’β¬οΏ½ service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41648 βΌ
π Read
via "National Vulnerability Database".
The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36864 βΌ
π Read
via "National Vulnerability Database".
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43230 (simple_cold_storage_managment_system) βΌ
π Read
via "National Vulnerability Database".
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2475 βΌ
π Read
via "National Vulnerability Database".
Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3402 βΌ
π Read
via "National Vulnerability Database".
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36898 βΌ
π Read
via "National Vulnerability Database".
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3708 βΌ
π Read
via "National Vulnerability Database".
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43231 (canteen_management_system) βΌ
π Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43232 (canteen_management_system) βΌ
π Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3228 βΌ
π Read
via "National Vulnerability Database".
Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3401 βΌ
π Read
via "National Vulnerability Database".
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41636 βΌ
π Read
via "National Vulnerability Database".
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43228 (barangay_management_system) βΌ
π Read
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43233 (canteen_management_system) βΌ
π Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.π Read
via "National Vulnerability Database".