Security Headlines: Latest CVEs tagged #sql

CVE-2022-1565: Vulnerability Advisories - Wordfence

The WP All Import plugin is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.

CVE-2022-2444: Vulnerability Advisories - Wordfence

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including, 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and instantiate arbitrary PHP objects, which can be used to perform a variety of malicious actions provided that a POP chain is also present. It also requires that the attacker has succeeded in uploading a file containing the serialized payload.

CVE-2022-32387: Hotfixes

In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler.

Orange Station 1.0 SQL Injection

Orange Station version 1.0 suffers from a remote SQL injection vulnerability.

Property Listing Script 3.1 SQL Injection

Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.

Travel Tours Script 1.0 SQL Injection

Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.

CVE-2022-24688: DSK Systems

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently remote code execution) via a PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the broken access control with a further brute-force attack or SQL injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page.

CVE-2020-16093: LemonLDAP::NG - Web Single Sign On and Access Management Free Software

In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

CVE-2022-27434: GitHub - LongWayHomie/CVE-2022-27434: UNIT4 TETA Mobile Edition 29HF13 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.

UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.

CVE-2022-26482: Security Center

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Command injection via os.system can be achieved by an admin.