2424 matches found
CVE-2022-20877
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20903
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20882
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-2101
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filefiles parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level...
PT-2022-22975 · Bmc · Bmc Track-It!
Name of the Vulnerable Software and Affected Versions: BMC Track-It! version 20.21.02.109 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the...
DEBIAN-CVE-2022-31052
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...
PT-2022-19168 · Devexpress · Safebinaryformatter +1
Name of the Vulnerable Software and Affected Versions: DevExpress affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The flaw exists within the SafeBinaryFormatter...
CVE-2022-32230
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death BSOD crash of the Windows kernel. For most...
SolarView Compact 6.00 - (time_begin) Cross-Site Scripting Vulnerability
Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in several Microsoft Office products. The table below lists the vulnerabilities that have been fixed by Microsoft with the corresponding CVSSv3 scores. Misuse of the vulnerabilities in SharePoint requires prior authentication. Abuse of the vulnerabilities in Excel...
SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)
Exploit Title: SolarView Compact 6.00 - 'pow' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29301 Tested on: Windows Proof Of Concept:...
CVE-2020-36528
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the...
Improper access control
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the...
CVE-2020-36528 Platinum Mobile MobileHandler.ashx access control
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the...
CVE-2022-1980
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=systeminfo/contactinfo. The manipulation of the textbox Telephone with the input alert1 leads to cross site scripting. The attack may be initiated...
CVE-2022-1979
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input alert1 leads to cross site scripting. The attack can be initiated remotely but requires...
CVE-2022-1980 SourceCodester Product Show Room Site cross site scripting
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=systeminfo/contactinfo. The manipulation of the textbox Telephone with the input alert1 leads to cross site scripting. The attack may be initiated...
CVE-2022-1839
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...
CVE-2022-1839
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...
CVE-2022-1837
A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input leads to code execution. The attack may be launched remotely but demands an authentication. Exploit detai...