Security Headlines: Latest CVEs (tag: #apple)
CVE-2022-1248: SAP Information System POST Request add_admin.php improper authentication

A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.

CVE-2022-26585: Mingsoft MCMS v5.2.7 SQL injection · Issue #I4W1S9 · 铭飞/MCMS - Gitee.com

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.

CVE-2022-23732: Release notes - GitHub Docs

A path traversal vulnerability was identified in the GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user who was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6 and 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE-2021-43461: Offensive Security’s Exploit Database Archive

Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.

CVE-2022-27435: GitHub - D4rkP0w4r/Full-Ecommece-Website-Add_Product-Unrestricted-File-Upload-RCE-POC

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.

CVE-2022-28063: CVEs/POC.md at main · D4rkP0w4r/CVEs

Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.

CVE-2022-28062: CVEs/POC.md at main · D4rkP0w4r/CVEs

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.

CVE-2021-43505

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.

CVE-2022-1176: Loose comparison causes IDOR on multiple endpoints in livehelperchat

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

CVE-2022-28128: File encryption software for both Windows and macOS

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.