3231 matches found
xsjczx Shaoxing Background Management System SQL Injection Vulnerability
The xsjczx Shaoxing Background Management System is a background management system from the Chinese company xsjczx punctuation information technology. A SQL injection vulnerability exists in xsjczx Shaoxing Background Management System, which originates from unknown code in the file /Default/Bd,...
CVE-2022-41158
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...
CVE-2022-44139
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...
CVE-2022-44725
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...
GLSA-202210-24 : FreeRDP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-24 (FreeRDP: Multiple Vulnerabilities). FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections /gt:rpc fai...
CVE-2021-35387
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php...
Nextcloud: CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking malicious link
Summary: It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link, e.g. in an email, chat link, etc. This vulnerability was introduced in an attempt to fix 1720043. The patch, however, can be bypassed and also introduced a CSRF vulnerability...
Dell GeoDrive Path Traversal Vulnerability
Dell GeoDrive is a free application from Dell, Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A path traversal vulnerability exists in Dell GeoDrive versions prior to 2.2.3. The vulnerability stems from a failure of a networked system or...
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation, which allows an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files...
Design/Logic Flaw
SonicWall GMS is vulnerable to file path manipulation, which allows an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files...
GMS File Path Manipulation
An unauthenticated attacker can gain access to the web directory containing the application's binaries and configuration files through a file path manipulation vulnerability. CVE: CVE-2021-20030. Last updated: Oct. 13, 2022, 9:40 a.m...
CVE-2021-20030
CVE-2021-20030 affects SonicWall Global Management System (GMS). The connected sources describe a file path manipulation vulnerability that allows an unauthenticated attacker to access the web directory containing the application's binaries and configuration files. The CVE is documented across mu...
PT-2022-9165 · Sonicwall · Sonicwall Gms
Name of the Vulnerable Software and Affected Versions: SonicWall GMS (affected versions not specified). Description: The issue allows an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files through file path manipulation...
CVE-2022-33920
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context...
Design/Logic Flaw
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context...