813 matches found

Prion
added 2022/10/28 8:15 a.m. · 12 views

Sql injection

A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this...

7.5 CVSS · 9.7 AI score · 0.00245 EPSS
Exploits: 0 · References: 1

Prion
added 2022/10/28 8:15 a.m. · 12 views

Improper access control

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...

7.5 CVSS · 9.4 AI score · 0.00346 EPSS
Exploits: 0 · References: 1

CNVD
added 2022/10/25 12:0 a.m. · 25 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-72079)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. This operation results in a memory leak. No details of the...

5.5 CVSS · 2.4 AI score · 0.00069 EPSS
Exploits: 0 · References: 1

Prion
added 2022/10/21 6:15 a.m. · 20 views

Design/Logic Flaw

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of...

1.7 CVSS · 5.4 AI score · 0.00069 EPSS
Exploits: 0 · References: 2

Redos
added 2022/10/04 12:0 a.m. · 41 views

ROS-20221004-01

Vim text editor vulnerability is related to a boundary error during file processing in the function exfinally in exeval.c. Exploitation of the vulnerability could allow an attacker acting remotely, create a special file, force the victim to open it, cause memory corruption, and execute arbitrary...

7.8 CVSS · 7.4 AI score · 0.00079 EPSS
Exploits: 4

Positive Technologies
added 2022/10/03 12:0 a.m. · 4 views

PT-2022-21889 · Autodesk · Autodesk Dwg

Name of the Vulnerable Software and Affected Versions: Autodesk DWG affected versions not specified Description: A maliciously crafted Dwg2Spd file, when processed through the Autodesk DWG application, could lead to a memory corruption issue due to a write access violation. This issue, in...

7.8 CVSS · 7.8 AI score · 0.00116 EPSS
Exploits: 0 · References: 3

Prion
added 2022/09/20 9:15 p.m. · 22 views

Code injection

A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution...

4.4 CVSS · 7.9 AI score · 0.00113 EPSS
Exploits: 1 · References: 3 · Affected Software: 4

Vulnrichment
added 2022/09/09 2:39 p.m. · 12 views

CVE-2022-3147 Server-side Denial of Service while processing a specifically crafted JPEG file

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service...

3.1 CVSS · 6.6 AI score · 0.01177 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2022/08/27 12:0 a.m. · 3 views

PT-2022-20018 · Unknown · Oretnom23 Fast Food Ordering System

Name of the Vulnerable Software and Affected Versions: oretnom23 Fast Food Ordering System affected versions not specified Description: A problematic issue has been found in the oretnom23 Fast Food Ordering System, affecting the processing of the file "admin/?page=reports". The manipulation of th...

6.1 CVSS · 5.9 AI score · 0.00224 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2022/08/23 12:0 a.m. · 3 views

PT-2022-4635 · Measuresoft · Measuresoft Scadapro Server

Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server All Versions Description: The issue is related to a use-after-free condition when processing a specific project file, which can allow an attacker to execute arbitrary code remotely. This is associated with the...

7.8 CVSS · 7.7 AI score · 0.00071 EPSS
Exploits: 0 · References: 5

RedhatCVE
added 2022/08/17 11:12 a.m. · 92 views

CVE-2022-2816

An out-of-bounds read vulnerability was found in Vim in the checkvim9unlet function in the vim9cmds.c file. This issue occurs because of invalid memory access when compiling the unlet command when a specially crafted input is processed. This flaw allows an attacker who can trick a user into openi...

7.8 CVSS · 7.5 AI score · 0.00043 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2022/08/11 12:0 a.m. · 2 views

PT-2022-18567 · Sourcecodester · Sourcecodester Company Website Cms

Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS affected versions not specified Description: A problematic issue has been found in the SourceCodester Company Website CMS, affecting the processing of the file /dashboard/contact. The manipulation of the pho...

5.4 CVSS · 5.1 AI score · 0.00323 EPSS
Exploits: 0 · References: 6

NVD
added 2022/07/25 7:15 p.m. · 8 views

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

7.8 CVSS · 0.00495 EPSS
Exploits: 0 · References: 2

Prion
added 2022/07/20 12:15 p.m. · 12 views

Command injection

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

7.5 CVSS · 9.8 AI score · 0.9332 EPSS
Exploits: 1 · References: 2

ATTACKERKB
added 2022/07/20 12:0 a.m. · 66 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

9.8 CVSS · 2.6 AI score · 0.9332 EPSS
In wild · Exploits: 1 · References: 3

OSV
added 2022/06/24 3:15 p.m. · 1 views

DEBIAN-CVE-2022-2121

OFFIS DCMTK's All versions prior to 3.6.7 has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition...

6.5 CVSS · 6.6 AI score · 0.00066 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2022/05/20 11:2 p.m. · 20 views

CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffileinline.c:83, minilzo.c redistributed. The attack vector is: nfdump must read and process a specially crafted file...

7.8 CVSS · 6.6 AI score · 0.00583 EPSS
Exploits: 0 · References: 1

OSV
added 2022/05/13 1:46 a.m. · 1 views

GHSA-9HG2-395J-83RM Expected Behavior Violation in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

9.8 CVSS · 7.2 AI score · 0.06144 EPSS
Exploits: 0 · References: 29

Huntr
added 2022/05/04 2:20 p.m. · 13 views

Cross-site scripting - Stored via upload `.xsig` file

Description When user upload a file with .xsig extension and direct access this file, the server response with Content-type: text/html lead to processing XSIG as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5....

6.9 AI score
Exploits: 0 · References: 1

UbuntuCve
added 2022/05/02 7:15 p.m. · 20 views

CVE-2022-1475

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729parse in llibavcodec/g729parser.c when processing a specially crafted file...

5.5 CVSS · 6.5 AI score · 0.00095 EPSS
Exploits: 1 · References: 6