Tag

#apple

CVE-2022-23603: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in server.py

iTunesRPC-Remastered is a Discord Rich Presence application for use with iTunes & Apple Music. In code before commit 24f43aa, user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

CVE-2021-44255: Hacking MotionEye/MotionEyeOS | Pizza-Powered Hacking 🍕

Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file, which will execute arbitrary code on the server.

CVE-2021-46660: Release Notes for Manager+Agents | Signiant Help

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.

CVE-2022-22828: Version History for SynaMan

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.

CVE-2022-0362: SQL Injection in showdoc

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.

CVE-2021-46085: There is a Insecure Permissions vulnerability exists in OneBlog <= 2.2.8 · Issue #29 · zhangyd-c/OneBlog

OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.

CVE-2021-46084: There is a stored xss vulnerability exists in uscat. · Issue #2 · chenniqing/uscat

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box.

CVE-2021-46083: There is a stored xss vulnerability exists in uscat. · Issue #1 · chenniqing/uscat

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.

CVE-2021-46086: There is a Insecure Permissions vulnerability exists in XZS · Issue #327 · mindskip/xzs-mysql

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. The function for submitting examination papers is vulnerable: an attacker can use Burp Suite to modify parameters in the packet to destroy real data.