Lucene search
6680 matches found

Prion • added 2022/11/17 5:15 a.m. • 18 views

Cross site scripting

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...

CVSS 4.9 · AI score 5.3 · EPSS 0.00534
Exploits 1 · References 1 · Affected Software 1
OSV • added 2022/11/16 8:15 a.m. • 3 views

CVE-2022-4014

A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this...

CVSS 4.3 · AI score 5 · EPSS 0.00201
Exploits 0 · References 1
RedHat Linux • added 2022/11/15 3:18 p.m. • 22 views

Moderate: Red Hat Security Advisory: xorg-x11-server security and bug fix update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8 · AI score 7.1 · EPSS 0.00573
Exploits 0 · References 5
Check Point Advisories • added 2022/11/14 12:00 a.m. • 3 views

Zoho ManageEngine Command Injection (CVE-2021-43319)

A command injection vulnerability exists in ManageEngine Network Configuration Manager. This vulnerability is due to insufficient validation of the ipaddress field of the ping functionality in the add device web interface...

CVSS 7.5 · AI score 2.8 · EPSS 0.21398
Exploits 0
CNNVD • added 2022/11/14 12:00 a.m. • 3 views

Sanitization Management System Cross-Site Scripting Vulnerability

Sanitization Management System is a sanitization management system by Carlo Montero Personal Developer. A security vulnerability exists in Sanitization Management System, which originates from unknown functionality in the file admin/?page=systeminf, and can be exploited by an attack...

CVSS 6.1 · AI score 5.3 · EPSS 0.00468
Exploits 0 · References 3
Prion • added 2022/11/13 8:15 a.m. • 15 views

Cross site scripting

A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/articlesave.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is...

CVSS 5.8 · AI score 6.1 · EPSS 0.00377
Exploits 0 · References 2 · Affected Software 1
Veracode • added 2022/11/11 7:28 a.m. • 14 views

Denial Of Service (DoS)

github.com/shamaton/msgpack is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause an application crash in Unmarshal functionality, via a maliciously crafted input...

CVSS 7.5 · AI score 7 · EPSS 0.01036
Exploits 1 · References 4 · Affected Software 1
Code423n4 • added 2022/11/10 12:00 a.m. • 8 views

Logic in LineLib does not work correctly with fee-on-transfer tokens

Lines of code. Vulnerability details. Proof of Concept: Some tokens take a transfer fee (e.g. STA, PAXG); some do not currently charge a fee but may do so in the future (e.g. USDT, USDC). The code currently receives ERC20 tokens but does not account for the potential fees paid in the transfer. If such a...

AI score 7.1
Exploits 0
Vulnrichment • added 2022/11/09 5:35 p.m. • 8 views

CVE-2022-30543

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 4.3 · AI score 8.6 · EPSS 0.0085
Exploits 1 · References 2
Microsoft KB • added 2022/11/08 8:00 a.m. • 50 views

Description of the security update for SharePoint Server Subscription Edition: September 13, 2022 (KB5002271)

Description of the security update for SharePoint Server Subscription Edition: September 13, 2022 (KB5002271). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft SharePoint remote code execution vulnerability. To learn more about the...

CVSS 8.8 · AI score 7.5 · EPSS 0.52885
Exploits 0
Code423n4 • added 2022/11/08 12:00 a.m. • 11 views

Any use of fee-on-transfer tokens as quote tokens in auctions will result in freeze or loss of funds for users.

Lines of code. Vulnerability details. Description: SIZE auctions do not support fee-on-transfer tokens. The platform rejects taxed baseToken during createAuction: // Passes https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol#L9 // Transfer base tokens to auction contrac...

AI score 6.6
Exploits 0
Veracode • added 2022/11/04 4:55 a.m. • 22 views

Remote Code Execution

@keystone-6/core is vulnerable to remote code execution. Using NODE_ENV in user code (not in dependencies) to trigger security-sensitive functionality in a production build is vulnerable to NODE_ENV being inlined to development for user code...

CVSS 9.8 · AI score 9.3 · EPSS 0.01486
Exploits 1 · References 4 · Affected Software 1
Github Security Blog • added 2022/11/03 6:14 p.m. • 41 views

@keystone-6/core's NODE_ENV defaults to development with esbuild

Impact: @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV in their own code (not dependencies) to trigger security-sensitive functionality in a production build are vulnerable to NODE_ENV being inlined to "development" for user code. If your dependencies use NODE_ENV to trigger particular...

CVSS 9.8 · AI score 9 · EPSS 0.01486
Exploits 1 · References 5 · Affected Software 1
Cvelist • added 2022/11/03 12:00 a.m. • 19 views

CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild

Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...

CVSS 9.8 · AI score 9.8 · EPSS 0.01486
Exploits 1 · References 3
Prion • added 2022/11/02 12:15 p.m. • 19 views

Command injection

A hidden functionality vulnerability (CWE-1242) in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 4 · AI score 6.3 · EPSS 0.00179
Exploits 0 · References 1 · Affected Software 1
Veracode • added 2022/11/02 7:49 a.m. • 19 views

Open Redirect

github.com/eolinker/apinto-dashboard is vulnerable to open redirects. A malicious user is able to redirect the victim to a malicious site via a malicious URL injected through the /login file, due to the use of the callback argument...

CVSS 6.3 · AI score 6.2 · EPSS 0.00428
Exploits 1 · References 3 · Affected Software 1
Vulnrichment • added 2022/11/01 12:00 a.m. • 9 views

CVE-2022-3817 Axiomatic Bento4 mp4mux memory leak

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be...

CVSS 4.3 · AI score 6.8 · EPSS 0.00771
Exploits 1 · References 3
CNNVD • added 2022/11/01 12:00 a.m. • 3 views

Bento4 Resource Management Error Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. Bento4 suffers from a resource management error vulnerability that stems from an incomplete fix for CVE-2019-13238 in some unknown functionality of the component, resulting in resource consumption...

CVSS 6.5 · AI score 6.7 · EPSS 0.01021
Exploits 1 · References 4
Vulnrichment • added 2022/10/31 8:07 p.m. • 5 views

CVE-2022-40289 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality.

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files...

AI score 5.9 · EPSS 0.00598
Exploits 0 · References 1
Prion • added 2022/10/31 4:15 p.m. • 17 views

Remote code execution

Remote Code Execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php...

CVSS 7.5 · AI score 9.7 · EPSS 0.19373
Exploits 6 · References 3 · Affected Software 1