Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2021-29281: Unrestricted File Upload | OWASP Foundation

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.

CVE
Open in Source
#xss#vulnerability#web#mac#windows#microsoft#ubuntu#linux#dos#apache#js#php#perl#pdf#buffer_overflow#auth
CVE-2022-32055: CVEs/Inout-Homestay-2-2-sqli.md at main · bigb0x/CVEs

Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.

CVE-2022-32056: GitHub - JackyG0/Online-Accreditation-Management-System-v1.0-SQLi

Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.

The Age of Collaborative Security: What Tens of Thousands of Machines Witness

Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities? Do you remember that scene in Batman - The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any

CVE-2015-3173

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

CVE-2022-31131: Update phpdoc for local attachment and outbox by kesselb · Pull Request #6600 · nextcloud/mail

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)

CVE-2021-31678: GitHub - RO6OTXX/pescms_vulnerability

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.

CVE-2022-35229: [ZBX-21306] Reflected XSS in discovery page of Zabbix Frontend [CVE-2022-35229]

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

CVE-2022-35230: [ZBX-21305] Reflected XSS in graphs page of Zabbix Frontend [CVE-2022-35230]

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.