2424 matches found
CVE-2022-1837 Home Clean Services Management System unrestricted upload
A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input leads to code execution. The attack may be launched remotely but demands an authentication. Exploit detai...
CVE-2022-29447 WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress...
CVE-2022-21500
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can...
PT-2022-2880
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite version 12.2 Description: The issue is related to insufficient input validation in the Manage Proxies component, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite...
SolarView Compact 6.0 - OS Command Injection
Exploit Title: SolarView Compact 6.0 - OS Command Injection Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST...
SDT-CW3B1 1.1.0 Command Injection
Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Date: 2022-05-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET...
Vulnerabilities fixed in Oracle Enterprise Linux kernel
Oracle has fixed vulnerabilities in the Oracle Linux kernel. The vulnerabilities allow a local malicious person to cause a denial-of-service, obtain elevated privileges or gain access to system information. Successful exploit requires authentication. -= Oracle =- Oracle has made updates available...
CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...
Cross site scripting
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...
CVE-2022-1590
Bludit 3.13.1 is affected by a Cross-Site Scripting vulnerability in the New Content module, exposed via the /admin/new-content endpoint. The issue stems from unsafely handling user-supplied content (example payload: ), enabling client-side script execution. The attack is remotely initiable but r...
CVE-2022-1590 Bludit New Content Module new-content cross site scripting
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...
CVE-2022-29424
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...
CVE-2021-41810
Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...
CVE-2022-1536 automad Dashboard cross site scripting
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Homealert"home" leads to a cross site scripting. The attack can be initiated remotely but requires an authenticatio...
Cisco Unified Communications Manager SQL Injection Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component of the Unified Communications System from Cisco USA. The component provides a scalable, distributable, and highly available enterprise IP telephony call processing solution. Unified Communications...
CVE-2020-13590
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...
CVE-2022-1287
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=saveuser. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not requir...
PT-2022-18973 · Reprise · Reprise License Manager
Name of the Vulnerable Software and Affected Versions: Reprise License Manager version 14.2 Description: The issue is a reflected cross-site scripting vulnerability XSS in the "/goform/rlmswitchr process" file parameter via GET. Authentication is required to exploit this issue. Recommendations: F...
CVE-2022-20782
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value...
CVE-2021-42324
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell...