
7705 matches found

CVE
added 2023/01/24 12:0 a.m. | 32 views

CVE-2022-40037

CVE-2022-40037 affects Rawchen blog-ssm v1.0. An issue in the /upFile component allows a remote attacker to escalate privileges and execute arbitrary commands. The vulnerability is described across multiple sources (NVD/Red Hat/CVE listing) as a remote, unauthenticated issue with high impact (Con...

9.8 CVSS | 9.8 AI score | 0.01774 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/01/24 12:0 a.m. | 16 views

CVE-2022-40037

An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...

10 AI score | 0.01774 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2023/01/24 12:0 a.m. | 4 views

PT-2023-13745 · Unknown · Rawchen Blog-Ssm

Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0. Description: An issue in Rawchen blog-ssm allows a remote attacker to escalate privileges and execute arbitrary commands via the component "/upFile". Recommendations: For Rawchen blog-ssm version 1.0, consider...

9.8 CVSS | 9.7 AI score | 0.01774 EPSS
Exploits: 1 | References: 3

Cvelist
added 2023/01/24 12:0 a.m. | 23 views

CVE-2022-40036

An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component...

6.4 AI score | 0.00737 EPSS
Exploits: 1 | References: 1

OSV
added 2023/01/23 10:15 p.m. | 4 views

CVE-2022-40034

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...

5.4 CVSS | 6 AI score | 0.00385 EPSS
Exploits: 1 | References: 1

NVD
added 2023/01/23 10:15 p.m. | 12 views

CVE-2022-40034

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...

5.4 CVSS | 5.4 AI score | 0.00385 EPSS
Exploits: 1 | References: 1

Prion
added 2023/01/23 10:15 p.m. | 12 views

Cross site scripting

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...

4.9 CVSS | 5.4 AI score | 0.00385 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/01/23 12:0 a.m. | 4 views

CVE-2022-40034

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...

5.6 AI score | 0.00385 EPSS
Exploits: 1 | References: 1

CNNVD
added 2023/01/23 12:0 a.m. | 2 views

Rawchen blog-ssm Cross-Site Scripting Vulnerability

blog-ssm is a JavaWeb-based blog project by the individual developer Rawchen in China. A security vulnerability exists in Rawchen blog-ssm v1.0, which stems from a cross-site scripting (XSS) vulnerability that can be exploited by an attacker to execute arbitrary code via the notifyInfo parameter...

5.4 CVSS | 5.9 AI score | 0.00385 EPSS
Exploits: 1 | References: 2

Cvelist
added 2023/01/23 12:0 a.m. | 26 views

CVE-2022-40034

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...

5.6 AI score | 0.00385 EPSS
Exploits: 1 | References: 1

CVE
added 2023/01/23 12:0 a.m. | 38 views

CVE-2022-40034

CVE-2022-40034 is an XSS vulnerability affecting Rawchen blog-ssm v1.0. The issue allows an attacker to execute arbitrary code via the notifyInfo parameter. Public sources consistently describe the vulnerability as XSS in Rawchen blog-ssm v1.0; the root cause is indicated as improper handling of ...

5.4 CVSS | 5.4 AI score | 0.00385 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2023/01/23 12:0 a.m. | 3 views

PT-2023-13742 · Rawchen · Rawchen Blog-Ssm

Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0. Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via the notifyInfo parameter. This enables attackers to inject malicious scripts into websites, potentially leading to...

5.4 CVSS | 5.5 AI score | 0.00385 EPSS
Exploits: 1 | References: 3

Packet Storm
added 2023/01/20 12:0 a.m. | 363 views

wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read

wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS. INFO: The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL. Affected version: before 5.5.2. End of embargo: Ended October...

9.1 CVSS | 0.01959 EPSS
Exploits: 2

CNNVD
added 2023/01/18 12:0 a.m. | 4 views

BlogEngine Input Validation Error Vulnerability

BlogEngine is an open source ASP.NET blog system. The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET v3.3.8.0, which stems from the ability to create any folder with the prefix "files" under /AppData/...

9.8 CVSS | 8.3 AI score | 0.00752 EPSS
Exploits: 0 | References: 3

Openbugbounty
added 2023/01/12 2:18 a.m. | 18 views

blog.lesieur.name Open Redirect vulnerability OBB-3143986

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1 AI score
Exploits: 0

Patchstack
added 2023/01/12 12:0 a.m. | 10 views

WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Blog and Widget; Type: Plugin; Vulnerable versions: 2.3.1; Fixed in: 2.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4824; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: db9b8648db51; Credits: Lana Codes; Requir...

5.4 CVSS | 5.6 AI score | 0.00649 EPSS
Exploits: 2 | References: 4 | Affected Software: 1

CNNVD
added 2023/01/10 12:0 a.m. | 5 views

Tiki Wiki CMS Groupware Code Issue Vulnerability

Tiki Wiki CMS Groupware is a Wiki-based open source content management system and online office suite. A security vulnerability exists in Tiki Wiki CMS Groupware version 24.1 and earlier, which stems from PHP object injection in tikiimporterblogwordpress.php...

7.2 CVSS | 7 AI score | 0.01048 EPSS
Exploits: 3 | References: 4

Richard Bejtlich's blog
added 2023/01/08 3:0 p.m. | 26 views

Happy 20th Birthday TaoSecurity Blog

Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you Blogger. Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security...

7.2 AI score
Exploits: 0

CNNVD
added 2023/01/07 12:0 a.m. | 2 views

pyChao SQL Injection Vulnerability

pyChao is an application by Dr. Azrael Tod, a personal developer. It is mainly used for Facts and Newsfeeds and interacts with WebChao-Blog. A SQL injection vulnerability exists in pyChao. An attacker could exploit this vulnerability to perform a SQL injection attack...

9.8 CVSS | 6.8 AI score | 0.00673 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2023/01/07 12:0 a.m. | 2 views

PT-2023-10129 · Unknown · Sternenseemann Sternenblog

Name of the Vulnerable Software and Affected Versions: sternenseemann sternenblog versions prior to 0.1.0. Description: A problematic issue has been found in sternenseemann sternenblog, affecting the blog index function of the file main.c. The manipulation of the post path argument leads to file...

9.8 CVSS | 7.3 AI score | 0.00822 EPSS
Exploits: 0 | References: 7