PT-2022-21779 · Trellix · Trellix Ips Manager
Name of the Vulnerable Software and Affected Versions: Trellix IPS Manager versions prior to 10.1 M8 Description: The issue allows a remote authenticated administrator to perform an XML External Entity (XXE) attack in the administrator interface. This is done by importing a saved XML configuration...
CVE-2022-40684
An authentication bypass using an alternate path or channel (CWE-288) in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform...
VulnCheck KEV: CVE-2022-40684
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...
CVE-2022-42457
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches runupdate in /usr/bin/gxserve-update.sh; e.g., command execution can occur via a reverse shell installed by install.sh...
PT-2022-24858 · Discotoc · Discotoc
Name of the Vulnerable Software and Affected Versions: DiscoTOC versions prior to the fixed version on the main branch Description: The issue allows users to inject arbitrary HTML on a topic's page if they can create topics in TOC-enabled categories and have a sufficient trust level. The estimate...
PT-2022-19405 · Dell · Os10
Name of the Vulnerable Software and Affected Versions: Dell Networking OS10 versions prior to October 2021 Description: The issue allows a remote, unauthenticated attacker to potentially exploit it by reverse engineering to retrieve sensitive information and access the REST API with admin...
Strapi SQL Injection Vulnerability
Strapi is an open source content management system (CMS). Versions of Strapi prior to 3.6.10, and versions 4.0.0 and later prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...
CVE-2022-40097
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/updatecurrency.php...
CVE-2022-40447
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojialist.php...
CVE-2022-39049 Possible XSS in Admin Interface
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
The plugin allows high privilege users such as admins to upload arbitrary files by permitting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. Activate PHP extension: - Log in and go to "CM Downloads" "Settings" "General". -...
CVE-2022-2338
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via the plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may...
Alphaware Simple E-Commerce System Code Issue Vulnerability
Alphaware Simple E-Commerce System is an e-commerce system by the individual developer razormist. The Alphaware Simple E-Commerce System suffers from a code issue that arises from an unknown portion of the adminfeature.php code in its backend administration interface that allows an attacker to perfo...
CVE-2022-36967
In Progress WSFTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WSFTP administrator's web session. This would allow the attacker to...
CVE-2022-36968
In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks...
Progress WS_FTP Server Cross-Site Request Forgery Vulnerability
Progress WSFTP Server is an effective and highly manageable FTP server from Progress. A security vulnerability exists in Progress WSFTP Server versions prior to 8.7.3, which stems from a form in its administration interface that does not contain a nonce to reduce the risk of cross-site request...
CVE-2022-2310
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...
PT-2022-15842 · Mcafee · Skyhigh Swg
Name of the Vulnerable Software and Affected Versions: Skyhigh SWG versions 8.x through 8.2.27; Skyhigh SWG versions 9.x through 9.2.22; Skyhigh SWG versions 10.x through 10.2.11; Skyhigh SWG versions 11.x through 11.2.0 Description: The issue allows a remote attacker to bypass authentication into t...