Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-27162: SQL Injection vulnerability on cszcms_admin_Members_editUser · Issue #44 · cskaza/cszcms

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

CVE
#sql#csrf#vulnerability#web#windows#apple
CVE-2022-27961: There is a stored xss vulnerability exists in ofcms · Issue #I4Z8QU · 欧福/ofcms - Gitee.com

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.

CVE-2022-27960: There is a Information disclosure vulnerability exists in ofcms · Issue #I4Z8SS · 欧福/ofcms - Gitee.com

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.

CVE-2022-27958: CVE-Request/febs.md at main · afeng2016-s/CVE-Request

Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.

CVE-2022-27477: There is a File upload vulnerability exists in newbee-mall · Issue #63 · newbee-ltd/newbee-mall

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.

CVE-2022-27476: There is a Cross site scripting vulnerability exists in newbee-mall · Issue #64 · newbee-ltd/newbee-mall

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.

CVE-2021-43517: Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.