βΌ CVE-2023-0534 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0533 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44029 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44027 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44026 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44298 βΌ
π Read
via "National Vulnerability Database".
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44717 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44025 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44715 βΌ
π Read
via "National Vulnerability Database".
Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44028 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44718 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44024 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6.π Read
via "National Vulnerability Database".
ποΈ Deserialized web security roundup: βCatastrophic cyber eventsβ, another T-Mobile breach, more LastPass problems ποΈ
π Read
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity newsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Deserialized web security roundup: βCatastrophic cyber eventsβ, another T-Mobile breach, more LastPass problems
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
βΌ CVE-2022-48071 βΌ
π Read
via "National Vulnerability Database".
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48069 βΌ
π Read
via "National Vulnerability Database".
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48066 βΌ
π Read
via "National Vulnerability Database".
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48073 βΌ
π Read
via "National Vulnerability Database".
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48067 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48072 βΌ
π Read
via "National Vulnerability Database".
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21395 βΌ
π Read
via "National Vulnerability Database".
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47632 βΌ
π Read
via "National Vulnerability Database".
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.π Read
via "National Vulnerability Database".