1183 matches found

Vulnrichment
added 2022/11/18 10:08 p.m. · 8 views

CVE-2022-43492 WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

CVSS 4.3 · AI score 5.7 · EPSS 0.00593
Exploits 0 · References 2

Positive Technologies
added 2022/11/18 12:00 a.m. · 4 views

PT-2022-26841 · Intelbras · Intelbras Sg 2404 Mr

Name of the Vulnerable Software and Affected Versions: INTELBRAS SG 2404 MR version 20180928-rel64938 Description: The issue allows authenticated attackers to create Administrator accounts arbitrarily through crafted user cookies. Recommendations: For version 20180928-rel64938, consider restricti...

CVSS 7.8 · AI score 7.4 · EPSS 0.0028
Exploits 1 · References 3

OSV
added 2022/11/15 9:15 p.m. · 2 views

CVE-2022-20836

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVSS 4.8 · AI score 6 · EPSS 0.00446
Exploits 0 · References 1

OSV
added 2022/11/15 9:15 p.m. · 2 views

CVE-2022-20831

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVSS 4.8 · AI score 6
Exploits 0 · References 1

Positive Technologies
added 2022/11/10 12:00 a.m. · 3 views

PT-2022-26577 · Unknown · Comserver Series

Name of the Vulnerable Software and Affected Versions: ComServer Series affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. This is a...

CVSS 5.4 · AI score 5.4 · EPSS 0.00429
Exploits 0 · References 6

CNNVD
added 2022/11/08 12:00 a.m. · 5 views

SAP GUI code injection vulnerability

SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...

CVSS 6.1 · AI score 7.4 · EPSS 0.00208
Exploits 0 · References 4

Vulnrichment
added 2022/10/31 7:59 p.m. · 6 views

CVE-2022-42924 SQL injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...

CVSS 7.6 · AI score 7.5 · EPSS 0.00437
Exploits 0 · References 1

ATTACKERKB
added 2022/10/20 5:15 p.m. · 2 views

CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation...

CVSS 8.8 · AI score 5.8 · EPSS 0.01091
Exploits 0 · References 2

CNNVD
added 2022/10/20 12:00 a.m. · 6 views

Abode Iota format string error vulnerability

Abode Iota is a reliable Diy home security system from Abode. A formatting string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...

CVSS 8.8 · AI score 7.7 · EPSS 0.01241
Exploits 1 · References 4

CVE
added 2022/10/19 12:00 a.m. · 44 views

CVE-2022-41707

The CVE-2022-41707 entry concerns Relatedcode’s Messenger (version 7bcd20b). Affected component: Messenger app data handling that exposes user data publicly. Root cause: information disclosure allowing an authenticated external attacker to access sensitive data of any user. Impact: Confidentialit...

CVSS 6.5 · AI score 6.3 · EPSS 0.00793
Exploits 1 · References 2 · Affected Software 1

ATTACKERKB
added 2022/10/18 2:15 p.m. · 6 views

CVE-2022-35844

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted argument...

CVSS 7.2 · AI score 7.2 · EPSS 0.00295
Exploits 0 · References 2

Vulnrichment
added 2022/10/11 12:00 a.m. · 7 views

CVE-2022-41206

SAP BusinessObjects Business Intelligence platform Analysis for OLAP - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on...

AI score 6.6 · EPSS 0.00475
Exploits 0 · References 2

ATTACKERKB
added 2022/10/03 12:00 a.m. · 432 views

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: zeroSteiner at January 10, 2023 2:58pm UTC reported: CVE-2022-41082, also known as ProxyNotShell is an authenticated RCE in Microsoft Exchange. ProxyNotShell actually combines CVE-2022-41082 and CVE-2022-41040 for t...

CVSS 9.8 · AI score 9 · EPSS 0.99964
In wild · Exploits 16 · References 7

CNNVD
added 2022/09/23 12:00 a.m. · 2 views

Rocket.Chat security vulnerability

Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...

CVSS 4.3 · AI score 6.2 · EPSS 0.00597
Exploits 1 · References 2

Positive Technologies
added 2022/09/14 12:00 a.m. · 3 views

PT-2022-6547 · Fortinet · Fortiadc +2

Name of the Vulnerable Software and Affected Versions: FortiADC versions 5.x through 7.1.0 FortiDDoS versions 4.x through 5.6 FortiDDoS-F versions 6.1.0 through 6.4.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow an...

CVSS 7.8 · AI score 7.7 · EPSS 0.0024
Exploits 0 · References 6

OSV
added 2022/09/07 7:15 p.m. · 4 views

CVE-2022-30078

NETGEAR R6200V2 firmware versions through R6200v2-V1.0.3.1210.1.11 and R6300V2 firmware versions through R6300v2-V1.0.4.5210.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or...

CVSS 8.8 · AI score 6 · EPSS 0.01797
Exploits 1 · References 3

Cvelist
added 2022/09/07 6:12 p.m. · 14 views

CVE-2022-30078

NETGEAR R6200V2 firmware versions through R6200v2-V1.0.3.1210.1.11 and R6300V2 firmware versions through R6300v2-V1.0.4.5210.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or...

AI score 9 · EPSS 0.01797
Exploits 1 · References 3

Vulnrichment
added 2022/09/06 5:19 p.m. · 6 views

CVE-2022-2934 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 · AI score 5.8 · EPSS 0.0044
Exploits 0 · References 2

Vulnrichment
added 2022/09/06 5:18 p.m. · 6 views

CVE-2022-2517 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00433
Exploits 0 · References 2

Vulnrichment
added 2022/09/06 5:18 p.m. · 4 views

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVSS 8.8 · AI score 6.7 · EPSS 0.01328
Exploits 0 · References 4
