‼ CVE-2022-45040 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
‼ CVE-2022-45039 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
‼ CVE-2022-45037 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
‼ CVE-2022-44411 ‼
via "National Vulnerability Database".
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.
‼ CVE-2022-38377 ‼
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
‼ CVE-2022-38166 ‼
via "National Vulnerability Database".
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.
‼ CVE-2022-45038 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
‼ CVE-2022-45036 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
‼ CVE-2022-37720 ‼
via "National Vulnerability Database".
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low-privileged user, such as an author or publisher, can inject a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.
Voice-scamming site "iSpoof" seized, 100s arrested in massive crackdown
via "Naked Security".
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING
‼ CVE-2022-44858 ‼
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.
‼ CVE-2022-45208 ‼
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
‼ CVE-2022-41705 ‼
via "National Vulnerability Database".
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
‼ CVE-2022-45210 ‼
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.
‼ CVE-2022-45206 ‼
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.
‼ CVE-2022-45476 ‼
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
‼ CVE-2022-45207 ‼
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.
‼ CVE-2022-23044 ‼
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
‼ CVE-2022-38813 ‼
via "National Vulnerability Database".
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.
‼ CVE-2022-45218 ‼
via "National Vulnerability Database".
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.
‼ CVE-2022-41706 ‼
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.