303 matches found
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Directory Traversal File Write Exploit Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Stored Cross-Site Scripting
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
PT-2022-10458 · Unknown · Rizalafani Cms-Php
Name of the Vulnerable Software and Affected Versions: rizalafani cms-php version 1 Description: The issue is related to a SQL Injection vulnerability in the get user function located in login manager.php. This vulnerability allows for potential SQL injection attacks. Recommendations: For...
Debian: Security Advisory (DLA-3162)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Command injection
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller...
CVE-2022-38606
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php...
Debian: Security Advisory (DLA-3099-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-20022 · Unknown · Arnoldaldrin/Binaries
Name of the Vulnerable Software and Affected Versions: arnoldaldrin/binaries versions prior to 1 Description: A stack-based buffer overflow issue has been identified. Recommendations: For versions prior to 1, update to version 1 or later to resolve the issue...
CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
Design/Logic Flaw
SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...
Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS
Summary IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of...
HCL Technologies BigFix Mobile/Modern Client Management 代码问题漏洞
HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies, India. A security vulnerability exists in HCL Technologies BigFix Mobile/Modern Client Management v1.x, v2.0, which can be exploited by attackers to conduct Un-Auth XML...
OESA-2022-1623 varnish security update
This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...
CVE-2022-27352
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Debian: Security Advisory (DSA-5106-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
PT-2022-11456
Name of the Vulnerable Software and Affected Versions Sourcecodester Banking System version 1 Description The issue allows attackers to execute arbitrary SQL commands via the username or password field, potentially leading to unauthorized access or data manipulation. Recommendations For...