Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-41537: bug_report/RCE-1.md at main · SmallDarkRoom1/bug_report

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
CVE-2022-41504: bug_report/RCE-1.md at main · cx852/bug_report

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders

With the IT universe expanding, collaboration, thoughtfulness, and discipline can ensure a more secure future.

CVE-2022-3587: POC/Stored XSS at main · rsrahulsingh05/POC

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability.

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.

CVE-2022-36438: ASUS Suomi

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0.

CVE-2022-3582: CSRF-/POC at main · jusstSahil/CSRF-

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability.

CVE-2022-42147: paper/xss_vul_en.md at main · xiaojiangxl/paper

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.

CVE-2022-42143: bug_report/SQLi-1.md at main · xd201qaz/bug_report

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.

CVE-2022-42142: bug_report/RCE-1.md at main · xd201qaz/bug_report

Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.