8230 matches found

CNNVD
added 2022/07/29 12:0 a.m. · 4 views

Autodesk Design Review Buffer Error Vulnerability

Autodesk Design Review (ADR) is a suite of AutoCAD drafting assistance software from Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A buffer error vulnerability exists in Autodesk Design Review. An attacker could explo...

CVSS 7.8 · AI score 7.8 · EPSS 0.00226
Exploits 0 · References 2
Positive Technologies
added 2022/07/28 12:0 a.m. · 5 views

PT-2022-9262 · Ovarro · Ovarro Twinsoft

Name of the Vulnerable Software and Affected Versions: Ovarro TWinSoft (affected versions not specified). Description: An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. Recommendations: ...

CVSS 9.8 · AI score 9.3 · EPSS 0.01021
Exploits 0 · References 3
OSV
added 2022/07/27 3:15 p.m. · 4 views

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2
WPVulnDB
added 2022/07/27 12:0 a.m. · 19 views

WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

The plugin contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user PoC...

CVSS 8.8 · AI score 3.1 · EPSS 0.0129
Exploits 2 · Affected Software 1
OSV
added 2022/07/25 3:15 p.m. · 1 views

DEBIAN-CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 7.8 · EPSS 0.00782
Exploits 0 · References 1
Prion
added 2022/07/25 3:15 p.m. · 21 views

Design/Logic Flaw

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 5 · AI score 7.8 · EPSS 0.00782
Exploits 0 · References 3 · Affected Software 2
ATTACKERKB
added 2022/07/25 3:15 p.m. · 3 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 5.9 · EPSS 0.00782
Exploits 0 · References 4 · Affected Software 1
AlpineLinux
added 2022/07/25 12:0 a.m. · 50 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 8.1 · EPSS 0.00782
Exploits 0
Debian CVE
added 2022/07/25 12:0 a.m. · 42 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 7.6 · EPSS 0.00782
Exploits 0
ATTACKERKB
added 2022/07/22 8:0 p.m. · 3 views

CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

CVSS 9.9 · AI score 6 · EPSS 0.09029
Exploits 1 · References 5
CNNVD
added 2022/07/22 12:0 a.m. · 4 views

Microweber Cross-Site Scripting Vulnerability

Microweber is an online store management system that provides drag-and-drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.2.21, which...

CVSS 6.8 · AI score 5.2 · EPSS 0.00537
Exploits 1 · References 3
CNVD
added 2022/07/22 12:0 a.m. · 16 views

Cybozu Office Access Control Error Vulnerability

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. An Access Control Error vulnerability exists in Cybozu Office, which stems from improper access restrictions in Cabinet, and can be exploited by an attacker to gain access to Cabinet data via an unspecified vector...

CVSS 4.3 · AI score 7 · EPSS 0.00728
Exploits 0 · References 1
CNVD
added 2022/07/22 12:0 a.m. · 13 views

Cybozu Office Project License Issue Vulnerability

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. Cybozu Office suffers from an authorization issue vulnerability that originates from an improperly restricted operation in Project, which can be exploited by an attacker to alter Project's data via an unspecified...

CVSS 4.3 · AI score 6.7 · EPSS 0.00671
Exploits 0 · References 1
CNNVD
added 2022/07/20 12:0 a.m. · 2 views

Cybozu Office Security Vulnerability

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. Cybozu Office suffers from an authorization issue vulnerability that originates from an improperly restricted operation in Project, which can be exploited by an attacker to alter Project's data via an unspecified...

CVSS 4.3 · AI score 5.7 · EPSS 0.00671
Exploits 0 · References 5
Prion
added 2022/07/19 10:15 p.m. · 19 views

Design/Logic Flaw

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bankin...

CVSS 4.6 · AI score 5.8 · EPSS 0.00459
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/07/19 10:15 p.m. · 17 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 2.1 · AI score 3.5 · EPSS 0.00705
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/07/19 9:8 p.m. · 24 views

CVE-2022-21586

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bankin...

CVSS 6.4 · AI score 6.6 · EPSS 0.00473
Exploits 0 · References 1
Vulnrichment
added 2022/07/19 9:7 p.m. · 7 views

CVE-2022-21548

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

CVSS 6.5 · AI score 6.4 · EPSS 0.00729
Exploits 0 · References 1
wpexploit
added 2022/07/18 12:0 a.m. · 165 views

mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in any of the delimiter...

CVSS 4.8 · AI score 0.5 · EPSS 0.00493
Exploits 2
OpenVAS
added 2022/07/18 12:0 a.m. · 15 views

Fedora: Security Advisory for meg (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 · AI score 8.9 · EPSS 0.05994
Exploits 4 · References 2