2495 matches found

CVE
added 2022/06/14 10:30 p.m. · 90 views

CVE-2022-32240

SAP 3D Visual Enterprise Viewer is affected by CVE-2022-32240 when a user opens manipulated Jupiter Tessellation (.jt, JTReader.x3d) files from untrusted sources. Public docs describe a crash that makes the application temporarily unavailable until restart. The ZDI advisory additionally notes a r...

CVSS 5.5 · AI score 5.4 · EPSS 0.00543
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/06/14 7:15 p.m. · 71 views

CVE-2022-32236

SAP 3D Visual Enterprise Viewer is affected by CVE-2022-32236 via parsing manipulated Windows Bitmap BMP and related 2d.x3d inputs from untrusted sources. The issue, documented by ZDI as a BMP parsing out-of-bounds write enabling remote code execution, can crash the application or allow code exec...

CVSS 5.5 · AI score 5.4 · EPSS 0.00679
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/06/14 12:00 a.m. · 3 views

PT-2022-3203 · Unknown · Igss Data Server

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions prior to V15.0.0.22170 Description: The issue is related to a missing authentication procedure for critical functions in the IGSS Data Server, part of the Interactive Graphical SCADA System. This could allow a remote...

CVSS 9.1 · AI score 9.1 · EPSS 0.0047
Exploits 0 · References 7

NVD
added 2022/06/12 8:15 a.m. · 19 views

CVE-2018-25034

A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input alert1 as part of POST Request leads to basic...

CVSS 5.4 · EPSS 0.00686
Exploits 1 · References 3

NVD
added 2022/06/10 10:15 a.m. · 18 views

CVE-2017-20029

A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...

CVSS 9.8 · EPSS 0.20442
Exploits 1 · References 2

Cvelist
added 2022/06/10 9:30 a.m. · 22 views

CVE-2017-20033 PHPList Reflected cross site scripting

A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send'";alert8 leads to cross site scripting Reflected. It is possible to initiate the attack remotely. Upgrading...

CVSS 4.3 · AI score 6.8 · EPSS 0.00711
Exploits 1 · References 2

Cvelist
added 2022/06/03 7:11 p.m. · 13 views

CVE-2020-36542 Demokratian install3.php privileges management

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is...

CVSS 7.3 · AI score 9.6 · EPSS 0.01332
Exploits 1 · References 3

NVD
added 2022/06/02 6:15 p.m. · 14 views

CVE-2022-1980

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=systeminfo/contactinfo. The manipulation of the textbox Telephone with the input alert1 leads to cross site scripting. The attack may be initiated...

CVSS 4.8 · EPSS 0.006
Exploits 0 · References 2

NVD
added 2022/06/02 2:15 p.m. · 11 views

CVE-2021-26633

SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file...

CVSS 9.8 · EPSS 0.0084
Exploits 0 · References 1

Veracode
added 2022/06/01 3:40 p.m. · 39 views

Path Traversal

Firefox is vulnerable to Path Traversal. A remote attacker is able to use the % character in filenames to store the data outside of the intended directory using Windows environment variables, such as %HOMEPATH% or %APPDATA%...

CVSS 8.8 · AI score 8.8 · EPSS 0.00662
Exploits 0 · References 7 · Affected Software 3

Github Security Blog
added 2022/05/24 5:08 p.m. · 16 views

XXE vulnerability in NUnit Plugin

NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...

CVSS 8.8 · AI score 8.3 · EPSS 0.0115
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/13 1:36 a.m. · 21 views

Drupal file REST resource does not properly validate

In Drupal 8 prior to 8.3.4, the file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...

CVSS 5.9 · AI score 9.4 · EPSS 0.01834
Exploits 0 · References 8 · Affected Software 2

OSV
added 2022/05/13 1:36 a.m. · 19 views

GHSA-H377-287M-W2R9 Drupal file REST resource does not properly validate

In Drupal 8 prior to 8.3.4, the file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...

CVSS 5.9 · AI score 7.2 · EPSS 0.01834
Exploits 0 · References 8

NVD
added 2022/05/12 8:15 p.m. · 27 views

CVE-2022-23742

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links...

CVSS 7.8 · EPSS 0.04076
Exploits 0 · References 2

Prion
added 2022/05/12 8:15 p.m. · 17 views

Design/Logic Flaw

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links...

CVSS 4.6 · AI score 7.3 · EPSS 0.04076
Exploits 0 · References 2 · Affected Software 1

GithubExploit
added 2022/05/10 8:44 a.m. · 261 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

PoC exploit for CVE-2022-1388, a vulnerability in the BIG-IP iCo...

CVSS 9.8 · AI score 10 · EPSS 0.99956
Exploits 63

CISA KEV Catalog
added 2022/05/10 12:00 a.m. · 108 views

F5 BIG-IP Missing Authentication Vulnerability

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

CVSS 9.8 · AI score 4.1 · EPSS 0.99956
In wild · Exploits 63

GithubExploit
added 2022/05/09 2:01 p.m. · 327 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Vuln Impact This vulnerability may allow an unauthenticated...

CVSS 9.8 · AI score 10 · EPSS 0.99956
Exploits 63

GithubExploit
added 2022/05/09 10:06 a.m. · 281 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 BIG-IP iControl REST vulnerability CVE-2022-1388...

CVSS 9.8 · AI score 10 · EPSS 0.99956
Exploits 63

GithubExploit
added 2022/05/09 3:20 a.m. · 301 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 https://support.f5.com/csp/article/K23605346 T...

CVSS 9.8 · AI score 7.7 · EPSS 0.99956
Exploits 63