41 matches found
EUVD-2022-40714
Malicious code in bioql PyPI...
EUVD-2022-50804
Malicious code in bioql PyPI...
CVE-2024-47423
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or...
CVE-2024-47425
CVE-2024-47425 refers to a vulnerability in Adobe FrameMaker (versions affected: 2020.6, 2022.4 and earlier) where an integer underflow/wraparound could enable arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. No exploit details ...
CVE-2024-47421 Adobe Framemaker | Out-of-bounds Read (CWE-125)
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...
CVE-2024-47422 Adobe Framemaker | Untrusted Search Path (CWE-426)
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly...
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting XSS Date: 15 May 2023 Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://qloapps.com/ Software Link: https://github.com/webkul/hotelcommerce Version: 1.5.2 Tested on: Kali Linux 2022.4 CVE : CVE-2023-30256 Description: A Cross...
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Vulnerability
Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47875 Introduction ===============...
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880...
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47875 Introductio...
CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting...
PT-2023-13593 · Dpa · Dpa
Name of the Vulnerable Software and Affected Versions: DPA versions 2022.4 and earlier Description: The issue concerns generated heap memory dumps that contain sensitive information in cleartext. Recommendations: For DPA versions 2022.4 and earlier, at the moment, there is no information about a...
Database Performance Analyzer Cross-Site Scripting Vulnerability
SolarWinds Database Performance Analyzer (DPA) is a database performance analyzer from SolarWinds, Inc. It is used to monitor, diagnose, and resolve performance issues with many types of database instances. A cross-site scripting vulnerability exists in Database Performance Analyzer (DPA) version...
CVE-2022-38112 Sensitive Information Disclosure Vulnerability
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext...
CVE-2022-38110
SolarWinds Database Performance Analyzer (DPA) versions 2022.4 and older are vulnerable to authenticated reflected cross‑site scripting via certain URL vectors. The root cause is exposure of URL handling that can reflect input back to authenticated users, enabling XSS within affected sessions. Af...
PT-2023-13592 · Unknown · Database Performance Analyzer
Name of the Vulnerable Software and Affected Versions: Database Performance Analyzer (DPA) versions 2022.4 and older Description: The issue concerns authenticated reflected cross-site scripting, where certain URL vectors are susceptible to this type of attack. Recommendations: For versions 2022.4 a...
Database Performance Analyzer Security Vulnerability
SolarWinds Database Performance Analyzer (DPA) is a database performance analyzer from SolarWinds, Inc. It is used to monitor, diagnose, and resolve performance issues with many types of database instances. A security vulnerability exists in Database Performance Analyzer (DPA) version 2022.4 and...
CVE-2022-48091
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross-Site Scripting (XSS) via processupdateprofile.php...