Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-32994: Halo cms v1.5.3 has an arbitrary format file upload vulnerability at /api/admin/attachments/upload · Issue #1 · zongdeiqianxing/cve-reports

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.

CVE
#vulnerability#web#windows#apple#js#git#java#auth#chrome#webkit
Brave Search wants to replace Google’s biased search results with yours

Brave Search, the privacy search engine you may not have heard of, is a year old and growing fast. The post Brave Search wants to replace Google’s biased search results with yours appeared first on Malwarebytes Labs.

Library Management System With QR Code 1.0 SQL Injection

Library Management System with QR Code version 1.0 suffers from a remote SQL injection vulnerability.

Library Management System With QR Code 1.0 Cross Site Scripting

Library Management System with QR Code version 1.0 suffers from a persistent cross site scripting vulnerability.

Library Management System With QR Code 1.0 Shell Upload

Library Management System with QR Code version 1.0 suffers from a remote shell upload vulnerability.

WSO2 Management Console Cross Site Scripting

WSO2 Management Console suffers from a cross site scripting vulnerability. Many different product versions are affected.

CVE-2022-2212: CVE/POC.md at main · CyberThoth/CVE

A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2214: CVE/POC.md at main · CyberThoth/CVE

A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2213: CVE/POC.md at main · CyberThoth/CVE

A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.