
3164 matches found

Tenable Nessus
added 2022/09/15 12:0 a.m. · 27 views

SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2022:3271-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3271-1 advisory. - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers t...

5.9 CVSS · 7.2 AI score · 0.01383 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2022/09/15 12:0 a.m. · 15 views

SUSE: Security Advisory (SUSE-SU-2022:3271-1)

The remote host is missing an update for the...

5.9 CVSS · 6.2 AI score · 0.01383 EPSS
Exploits: 0 · References: 2

NVD
added 2022/09/06 6:15 p.m. · 10 views

CVE-2022-2943

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9 CVSS · 0.01152 EPSS
Exploits: 2 · References: 4

Vulnrichment
added 2022/09/06 5:19 p.m. · 6 views

CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9 CVSS · 6.1 AI score · 0.01152 EPSS
Exploits: 2 · References: 4

Cvelist
added 2022/09/06 5:19 p.m. · 13 views

CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9 CVSS · 5.3 AI score · 0.01152 EPSS
Exploits: 2 · References: 4

Microsoft KB
added 2022/09/06 12:0 a.m. · 2 views

September 6, 2022, update for Excel 2013 (KB5002268)

This article describes update 5002268 for Microsoft Excel 2013 that was released on September 6, 2022. This update also applies to Office Home and Student 2013 RT. Be aware that the update in the Microsoft Download Center applies to the Microsoft...

6.4 AI score
Exploits: 0

NVD
added 2022/09/05 9:15 a.m. · 13 views

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

8.8 CVSS · 0.08462 EPSS
Exploits: 1 · References: 5

OSV
added 2022/09/05 9:15 a.m. · 15 views

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

8.8 CVSS · 7.1 AI score
Exploits: 0 · References: 5

UbuntuCve
added 2022/09/05 9:15 a.m. · 27 views

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

8.8 CVSS · 7.2 AI score · 0.08462 EPSS
Exploits: 1 · References: 6

Debian CVE
added 2022/09/05 9:10 a.m. · 25 views

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

8.8 CVSS · 8.9 AI score · 0.08462 EPSS
Exploits: 1

Cvelist
added 2022/09/05 9:10 a.m. · 13 views

CVE-2022-3008 Command Injection on tinygltf

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

8.1 CVSS · 9.1 AI score · 0.08462 EPSS
Exploits: 1 · References: 5

CNNVD
added 2022/09/02 12:0 a.m. · 2 views

Garage Management System cross-site scripting vulnerability

Garage Management System is a garage management system that helps you manage all your vehicles, cars and motorcycles. A cross-site scripting vulnerability exists in Garage Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the brandname...

5.4 CVSS · 6.2 AI score · 0.00224 EPSS
Exploits: 1 · References: 3

ATTACKERKB
added 2022/08/29 6:15 p.m. · 2 views

CVE-2022-2638

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system, which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary files from the server...

6.5 CVSS · 6.6 AI score · 0.00401 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/08/28 12:0 a.m. · 4 views

PT-2022-23506 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description: The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. Recommendations: For TOTOLINK...

7.8 CVSS · 7.7 AI score · 0.00056 EPSS
Exploits: 1 · References: 4

OSV
added 2022/08/25 10:15 p.m. · 1 views

CVE-2022-36696

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestockout...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

ATTACKERKB
added 2022/08/18 6:15 p.m. · 2 views

CVE-2022-35175

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hiddenid parameter at /blotter/blotter.php...

9.8 CVSS · 5.8 AI score · 0.00264 EPSS
Exploits: 1 · References: 2

CNNVD
added 2022/08/16 12:0 a.m. · 2 views

JPEGDEC security vulnerability

JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. A security vulnerability exists in JPEGDEC that stems from a segmentation error in the fseek module of the /src/jpeg.inl file...

5.5 CVSS · 5.7 AI score · 0.00046 EPSS
Exploits: 1 · References: 2

OSV
added 2022/08/10 8:15 p.m. · 1 views

CVE-2022-35426

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file...

9.8 CVSS · 5.9 AI score · 0.00433 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2022/08/09 12:0 a.m. · 3 views

PT-2022-22819 · Ucms · Ucms

Name of the Vulnerable Software and Affected Versions: UCMS version 1.6 Description: The issue allows for arbitrary file upload via the ucms/sadmin/file PHP file. Recommendations: For version 1.6, consider restricting access to the ucms/sadmin/file PHP file to minimize the risk of exploitation...

9.8 CVSS · 9.6 AI score · 0.00433 EPSS
Exploits: 1 · References: 2

OSV
added 2022/08/01 2:15 p.m. · 1 views

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

5.4 CVSS · 6 AI score · 0.00688 EPSS
Exploits: 0 · References: 1