Home Owners Collection Management System SQL Injection Vulnerability
A SQL injection vulnerability exists in Home Owners Collection Management System v1.0, originating in /hocms/classes/Master.php. The vulnerability is caused by a lack of filtering and escaping of SQL data in ?f=deletephase. An attacker could exploit this vulnerability to cause SQL injection...
Simple Real Estate Portal System SQL Injection Vulnerability
Simple Real Estate Portal System is a real estate portal system by the independent developer Carlo Montero. Simple Real Estate Portal System v1.0 has a security vulnerability that can be exploited by an attacker via /reps/classes/Master.php?f=deleteestate...
Car Driving School Management System SQL Injection Vulnerability
A SQL injection vulnerability exists in Car Driving School Management System, a driving school management system, originating from /cdsms/classes/Master.php?f=delete package...
CVE-2022-1119
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the /includes/ee-downloader.php file due to missing controls, which makes it possible for unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in...
CVE-2022-29281
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
CVE-2021-36288
Dell VNX2 for File version 8.1.21.266 and earlier contains a path traversal vulnerability which may allow unauthenticated users to read/write restricted files...
Insecure temporary file usage in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...
CVE-2021-30497
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...
Jenkins Continuous Integration with Toad Edge Plugin Access Control Error Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An access control error vulnerability exis...
Barco Control Room Management Suite Directory Traversal
I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...
AZL-9292 CVE-2022-28356 affecting package kernel for versions less than 5.15.37.1-2
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c...
IdeaRe SpA IdeaRE RefTree Path Traversal Vulnerability
IdeaRe SpA IdeaRE RefTree is a web application for managing complex real estate situations from IdeaRe SpA, Italy. A path traversal vulnerability exists in versions of IdeaRe SpA IdeaRE RefTree prior to 2021.09.17. The vulnerability stems from the failure of a web system or product to properly filt...
Jenkins Tests Selector Plugin Cross-Site Scripting Vulnerability
Jenkins is an application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins Tests Selector Plugin 1.3.3 and earlier versions, which stems from an unescaped...
GHSA-8HH2-RXM8-7FJ8 Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
SWHKD Link Following Vulnerability
SWHKD is a display protocol independent hotkey daemon made in Rust. A denial of service vulnerability exists in SWHKD version 1.1.5, which stems from the insecure use of the /tmp/swhks.pid pathname and can be exploited by an attacker to potentially cause a denial of service...
CVE-2022-28159
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28147
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
PT-2022-18846
Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier Description: A missing permission check allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins...