CVE-2022-39347
via "National Vulnerability Database".
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for the `drive` channel. A malicious server can trick a FreeRDP based client into reading files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.
CVE-2022-42246
Doufox 0.0.4 contains a CSRF vulnerability that can be used to add a system administrator account.
CVE-2022-42187
Hustoj 22.09.22 has an XSS vulnerability in /admin/problem_judge.php.
CVE-2022-43135
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php.
CVE-2022-24036
The Karmasis Informatics Solutions Infraskope Security Event Manager product allows unauthenticated access, which could let an unauthenticated attacker modify logs.
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled "Allow public signup".
CVE-2022-4011
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability.
CVE-2022-4013
A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.
CVE-2022-43234
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-34354
IBM Sterling Partner Engagement Manager 2.0 allows encrypted client data to be stored locally in a way that can be read by another user on the system. IBM X-Force ID: 230424.
CVE-2022-43264
Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request.
CVE-2022-44004
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.
CVE-2022-39316
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out-of-bounds read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client into reading out-of-bounds data and trying to decode it, likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.
CVE-2022-39834
A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.
CVE-2022-44002
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations.
CVE-2022-43263 (guitar_pro)
A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file.
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.
CVE-2022-44006
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file.
CVE-2022-42982
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.