Latest CVEs
CVE-2022-3503: Exploit/PoC at main · DisguisedRoot/Exploit

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.

CVE-2022-2780: Security Advisory 2022-20

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.

CVE-2022-3495: Simple-Online-Public-Access-Catalog-OPAC---SQL-injection/POC at main · Hakcoder/Simple-Online-Public-Access-Catalog-OPAC---SQL-injection

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.

CVE-2022-41535: bug_report/SQLi-1.md at main · coues/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php.

CVE-2022-41536: bug_report/SQLi-2.md at main · coues/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php.

CVE-2022-41539: bug_report/RCE-2.md at main · gougou123-hash/bug_report

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-41538: bug_report/RCE-1.md at main · gougou123-hash/bug_report

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-35136: CVE-ID: CVE-2022-35135, CVE-2022-35136

Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.

CVE-2022-35611: CVE-ID: CVE-2022-35611

A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.

CVE-2022-34022: CVE-ID: CVE-2022-34022

SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.