βΌ CVE-2022-37720 βΌ
π Read
via "National Vulnerability Database".
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.π Read
via "National Vulnerability Database".
β Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown β
π Read
via "Naked Security".
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHINGπ Read
via "Naked Security".
Naked Security
Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown
Those numbers or names that pop up when a call comes up? Theyβre OK as a hint of whoβs calling, but THEY PROVE NOTHING
π1
βΌ CVE-2022-44858 βΌ
π Read
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45208 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41705 βΌ
π Read
via "National Vulnerability Database".
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45210 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45206 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45476 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45207 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23044 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38813 βΌ
π Read
via "National Vulnerability Database".
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45218 βΌ
π Read
via "National Vulnerability Database".
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41706 βΌ
π Read
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43984 βΌ
π Read
via "National Vulnerability Database".
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41958 βΌ
π Read
via "National Vulnerability Database".
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45205 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0698 βΌ
π Read
via "National Vulnerability Database".
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41712 βΌ
π Read
via "National Vulnerability Database".
Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37721 βΌ
π Read
via "National Vulnerability Database".
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43983 βΌ
π Read
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45475 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".