Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-27357: CVEs/POC.md at main · D4rkP0w4r/CVEs

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE
#sql#xss#vulnerability#web#windows#apple#google#nodejs#js#git#java
CVE-2022-27064: GitHub - D4rkP0w4r/Musical-World-Unrestricted-File-Upload-RCE-POC

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27063: GitHub - D4rkP0w4r/AeroCMS-Comment-Stored_XSS-Poc

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

CVE-2022-27348: GitHub - D4rkP0w4r/sms-Add_Student-Stored_XSS-POC

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

CVE-2022-28002: CVEs/POC.md at main · D4rkP0w4r/CVEs

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.

CVE-2022-27991: CVEs/POC.md at main · D4rkP0w4r/CVEs

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters.

CVE-2022-28000: CVEs/POC.md at main · D4rkP0w4r/CVEs

Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.

CVE-2022-28001: CVEs/POC.md at main · D4rkP0w4r/CVEs

Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.

CVE-2021-43430: bug/bigant at main · Flash1201/bug

An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.