Lucene search

1733 matches found

ATTACKERKB
added 2022/08/02 10:15 p.m. | 2 views

CVE-2022-36967

In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to...

CVSS 6.1 | AI score 6 | EPSS 0.00009
Exploits 0 | References 3
OSV
added 2022/08/02 10:15 p.m. | 2 views

CVE-2022-36967

In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to...

CVSS 6.1 | AI score 6 | EPSS 0.00009
Exploits 0 | References 2
ATTACKERKB
added 2022/08/02 10:15 p.m. | 4 views

CVE-2022-36968

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks...

CVSS 4.3 | AI score 5.7 | EPSS 0.00039
Exploits 0 | References 3
CNNVD
added 2022/08/02 12:00 a.m. | 2 views

Progress WS_FTP Server cross-site request forgery vulnerability

Progress WS_FTP Server is an effective and highly manageable FTP server from Progress. A security vulnerability exists in Progress WS_FTP Server versions prior to 8.7.3, which stems from a form in its administration interface that does not contain a nonce to reduce the risk of cross-site request...

CVSS 4.3 | AI score 4.9 | EPSS 0.00039
Exploits 0 | References 3
ATTACKERKB
added 2022/07/27 10:15 a.m. | 1 views

CVE-2022-2310

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...

CVSS 10 | AI score 6 | EPSS 0.02003
Exploits 0 | References 2 | Affected Software 1
OSV
added 2022/07/27 10:15 a.m. | 2 views

CVE-2022-2310

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1
Positive Technologies
added 2022/07/27 12:00 a.m. | 3 views

PT-2022-15842 · Mcafee · Skyhigh Swg

Name of the Vulnerable Software and Affected Versions: Skyhigh SWG versions 8.x through 8.2.27; Skyhigh SWG versions 9.x through 9.2.22; Skyhigh SWG versions 10.x through 10.2.11; Skyhigh SWG versions 11.x through 11.2.0. Description: The issue allows a remote attacker to bypass authentication into t...

CVSS 10 | AI score 9.6 | EPSS 0.02003
Exploits 0 | References 4
ATTACKERKB
added 2022/07/25 6:15 a.m. | 1 views

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...

CVSS 9.8 | AI score 9.3 | EPSS 0.02294
Exploits 0 | References 2
OSV
added 2022/07/25 6:15 a.m. | 3 views

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...

CVSS 9.8 | AI score 6.3 | EPSS 0.02294
Exploits 0 | References 1
OSV
added 2022/07/17 11:15 p.m. | 1 views

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file which can be created via an rsync backdoor causes all API calls to execute as admin without authentication...

CVSS 9.8 | AI score 5.8 | EPSS 0.00788
Exploits 3 | References 3
OSV
added 2022/07/05 4:15 p.m. | 2 views

CVE-2022-34876

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 8.8 | AI score 7.4 | EPSS 0.53198
Exploits 1 | References 2
Prion
added 2022/07/05 4:15 p.m. | 40 views

Sql injection

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 8.5 | AI score 8.7 | EPSS 0.53198
Exploits 1 | References 2 | Affected Software 1
CVE
added 2022/07/05 3:40 p.m. | 74 views

CVE-2022-34876

CVE-2022-34876 is a SQL injection vulnerability in VICIdial 2.14b0.5 prior to SVN revision 3555. It affects vicidial/admin.php through modify_email_accounts, access_recordings, and agentcall_email, allowing an attacker to spoof identities, tamper or disclose data, destroy data, or assume database...

CVSS 8.8 | AI score 7.3 | EPSS 0.53198
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2022/07/05 3:40 p.m. | 28 views

CVE-2022-34876 VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerabilities at /vicidial/admin.php.

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 5.5 | AI score 9.1 | EPSS 0.53198
Exploits 1 | References 2
ATTACKERKB
added 2022/06/30 9:07 p.m. | 2 views

CVE-2022-34876

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 8.8 | AI score 6 | EPSS 0.53198
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2022/06/27 12:00 a.m. | 3 views

Halo code issue vulnerability

Halo is a personal blog system for individual developers. A security vulnerability exists in Halo CMS version 1.5.3, which is caused by a file upload issue on the /api/admin/attachments/upload page...

CVSS 9.8 | AI score 8.4 | EPSS 0.00499
Exploits 1 | References 2
Prion
added 2022/06/25 7:15 p.m. | 7 views

Cross site scripting

The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS)...

CVSS 4.3 | AI score 6.1 | EPSS 0.0024
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/06/25 6:42 p.m. | 13 views

CVE-2022-29931

The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS)...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits 0 | References 2
CNNVD
added 2022/06/15 12:00 a.m. | 1 views

REDCap cross-site scripting vulnerability

REDCap is a data collection and management web application. A security vulnerability exists in REDCap version 12.0.11, which stems from a stored cross-site scripting (XSS) issue in ProjectGeneral/editprojectsettings.php. An authenticated, remote attacker can exploit this vulnerability to inject...

CVSS 5.4 | AI score 5.7 | EPSS 0.01802
Exploits 2 | References 3
OSV
added 2022/06/10 12:15 p.m. | 1 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 2