βΌ CVE-2022-42990 βΌ
π Read
via "National Vulnerability Database".
Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44050 βΌ
π Read
via "National Vulnerability Database".
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43304 βΌ
π Read
via "National Vulnerability Database".
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38163 βΌ
π Read
via "National Vulnerability Database".
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5).π Read
via "National Vulnerability Database".
βΌ CVE-2022-44048 βΌ
π Read
via "National Vulnerability Database".
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3878 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42205 βΌ
π Read
via "National Vulnerability Database".
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43351 βΌ
π Read
via "National Vulnerability Database".
Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43318 βΌ
π Read
via "National Vulnerability Database".
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43303 βΌ
π Read
via "National Vulnerability Database".
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44054 βΌ
π Read
via "National Vulnerability Database".
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43350 βΌ
π Read
via "National Vulnerability Database".
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43305 βΌ
π Read
via "National Vulnerability Database".
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44053 βΌ
π Read
via "National Vulnerability Database".
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43317 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.π Read
via "National Vulnerability Database".
β Public URL scanning tools β when security leads to insecurity β
π Read
via "Naked Security".
Never make your users cry/By how you use an APIπ Read
via "Naked Security".
Naked Security
Public URL scanning tools β when security leads to insecurity
Never make your users cry/By how you use an API
βΌ CVE-2022-3872 βΌ
π Read
via "National Vulnerability Database".
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43046 βΌ
π Read
via "National Vulnerability Database".
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-43049 βΌ
π Read
via "National Vulnerability Database".
Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39343 βΌ
π Read
via "National Vulnerability Database".
Azure RTOS FileX is a FAT-compatible file system thatΓΒ’Γ’β¬ÒβΒ’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36077 βΌ
π Read
via "National Vulnerability Database".
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.π Read
via "National Vulnerability Database".