Cross-site request forgery (CSRF)
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2022-4341 csliuwy coder-chain_gdut cross site scripting
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...
Information disclosure
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has be...
WordPress Simple:Press plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin Simple:Press 6.8 and earlier versions have a path traversal vulnerability, which stems...
CVE-2022-44725
OPC Foundation Local Discovery Server LDS through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...
CVE-2022-3978
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this...
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
CVE-2022-3969
OpenKM up to 6.3.11 contains a vulnerability in getFileExtension (src/main/java/com/openkm/util/FileUtils.java) that can lead to an insecure temporary file. Root cause: manipulation of file extension handling. The fix is upgrading to OpenKM 6.3.12, with patch c069e4d73ab8864345c25119d8459495f4545...
CVE-2022-3952
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
CVE-2022-3940 lanyulei ferry task.go path traversal
A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...
CVE-2022-3735
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...
CVE-2022-43416
Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...
CVE-2022-36439
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...
PT-2022-22282 · Jiusi Oa · Jiusi Oa
Name of the Vulnerable Software and Affected Versions: Jiusi OA (affected versions not specified). Description: A critical vulnerability was found in Jiusi OA, affecting an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the inforid argument leads to SQL...
CVE-2022-41194
Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and become temporarily unavailable to the user until...
Code injection
Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart o...
CVE-2022-41166
CVE-2022-41166 concerns SAP 3D Visual Enterprise Author (version 9). The issue arises when handling manipulated Wavefront OBJ files (.obj) via ObjTranslator.exe, caused by improper memory management in the OBJ parsing logic. This can cause the application to crash and become temporarily unavailab...
CVE-2022-41192
SAP 3D Visual Enterprise Viewer (before/around version 9) is affected by CVE-2022-41192 due to a memory-management flaw in parsing JT files (.jt, JTReader.x3d). Attackers can supply manipulated JT data to trigger a vulnerability that may crash the application and, per ZDI advisories, could allow ...