CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

CVE-2022-20867

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileg...

Vulnerabilities fixed in Cisco ESA, SWA and Secure Email and Web Manager

Cisco has fixed several vulnerabilities in Cisco Email Security Appliance ESA, Secure Web Appliance SWA, vh. Web Security Appliance and the Secure Email and Web Manager. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to execute arbitrary commands execute with ro...

PT-2022-25140 · Fortinet · Fortimail

Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.0 through 7.2.0 Description: The issue allows an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references IDOR. This is due to an imprope...

Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The iss...

Adobe ColdFusion Application Server Directory Traversal Arbitrary File Disclosure Or Deletion Vulnerability

This vulnerability allows remote attackers to disclose or delete sensitive files on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The...

Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the Apex One web console. By navigating directly to a URL, a user can bypass authorization...

PT-2022-26426 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...

PT-2022-26431 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...

PT-2022-26429 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the contact groups...

CVE-2021-40556

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacke...

PT-2022-25672 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...

Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.

Impact This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. Patches Patched in ...

CVE-2022-20855

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...

Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload

Exploit Title: Online Diagnostic Lab Management System - Remote Code Execution RCE Unauthenticated Google Dork: N/A Date: 2022-9-23 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

mariadb: lack of proper validation of a user-supplied string before using it as a format specifier

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

Vulnerabilities fixed in Microsoft Office products

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application. To execute code in Office and Visio, the malicious party does not need prior authentication, but needs to trick the vict...

CVE-2022-2936

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...