CVE-2022-43423
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
Design/Logic Flaw
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
PT-2022-26907 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue allows attackers who can control agent processes ...
CVE-2022-43423
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
CVE-2022-43423
CVE-2022-43423 concerns the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (versions
CVE-2022-41479
The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...
DevExpress ASP.NET Web Forms Security Vulnerability
DevExpress ASP.NET Web Forms is a Web Forms control from DevExpress, USA. A security vulnerability exists in DevExpress ASP.NET Web Forms Build v19.2.3. An attacker can exploit the vulnerability to gain access to the application's source code...
CVE-2022-41479
CVE-2022-41479 affects DevExpress ASP.NET Web Forms Build v19.2.3. The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify objects referenced by the /DXR.axd?r= HTTP GET parameter, causing an Insecure Direct Object References (IDOR) that can expose the application source code (ven...
PT-2022-25884 · Devexpress · Devexpress Asp.Net
Name of the Vulnerable Software and Affected Versions: DevExpress ASP.NET Web Forms Build version 19.2.3 Description: The DevExpress Resource Handler ASPxHttpHandlerModule does not verify the referenced objects in the "/DXR.axd?r=" HTTP GET parameter. This leads to an Insecure Direct Object...
CVE-2022-35059
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414...
CVE-2022-35052
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1...
CVE-2022-35053
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f...
CVE-2022-35046
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466...
CVE-2022-35043
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6...
Exploit for Unrestricted Upload of File with Dangerous Type in Oretnom23 Clinic'S_Patient_Management_System
CVE-2022-40471 Remote code execution via unrestricted file up...
CVE-2022-38371
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...
Intel Confirms Leak of Alder Lake BIOS Source Code
Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface UEFI code for Alder Lake, the company's 12...
Native Support in Spring Boot 3.0.0-M5
The Spring Team has been working on native image support for Spring Applications for quite some time. After 3+ years of incubation in the Spring Native experimental project with Spring Boot 2, native support is moving to General Availability with Spring Framework 6 and Spring Boot 3! Native image...
Active eCommerce CMS 6.3.0 Arbitrary File Download
Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...
Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload Exploit
Exploit Title: Online Diagnostic Lab Management System - Remote Code Execution RCE Unauthenticated Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.ht...