
1746 matches found

OSV
added 2022/07/25 6:15 a.m., 3 views

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...

CVSS 9.8 | AI score 6.3 | EPSS 0.0084
Exploits 0 | References 1

ATTACKERKB
added 2022/07/25 6:15 a.m., 2 views

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...

CVSS 9.8 | AI score 9.3 | EPSS 0.0084
Exploits 0 | References 2

OSV
added 2022/07/17 11:15 p.m., 2 views

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file which can be created via an rsync backdoor causes all API calls to execute as admin without authentication...

CVSS 9.8 | AI score 5.8 | EPSS 0.01729
Exploits 3 | References 3

OSV
added 2022/07/05 4:15 p.m., 3 views

CVE-2022-34876

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 8.8 | AI score 7.4 | EPSS 0.02741
Exploits 1 | References 2

Prion
added 2022/07/05 4:15 p.m., 40 views

Sql injection

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 8.5 | AI score 8.7 | EPSS 0.02741
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/07/05 3:40 p.m., 34 views

CVE-2022-34876 VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerabilities at /vicidial/admin.php.

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 5.5 | AI score 9.1 | EPSS 0.02741
Exploits 1 | References 2

CVE
added 2022/07/05 3:40 p.m., 79 views

CVE-2022-34876

CVE-2022-34876 is a SQL injection vulnerability in VICIdial 2.14b0.5 prior to SVN revision 3555. It affects vicidial/admin.php through modify_email_accounts, access_recordings, and agentcall_email, allowing an attacker to spoof identities, tamper or disclose data, destroy data, or assume database...

CVSS 8.8 | AI score 7.3 | EPSS 0.02741
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2022/06/30 9:7 p.m., 3 views

CVE-2022-34876

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

CVSS 8.8 | AI score 6 | EPSS 0.02741
Exploits 1 | References 4 | Affected Software 1

CNNVD
added 2022/06/27 12:0 a.m., 3 views

Halo code issue vulnerability

Halo is a personal blog system for individual developers. A security vulnerability exists in Halo CMS version 1.5.3, which is caused by a file upload issue on the /api/admin/attachments/upload page...

CVSS 9.8 | AI score 8.4 | EPSS 0.16734
Exploits 1 | References 2

Prion
added 2022/06/25 7:15 p.m., 7 views

Cross site scripting

The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS)...

CVSS 4.3 | AI score 6.1 | EPSS 0.00506
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/06/25 6:42 p.m., 15 views

CVE-2022-29931

The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS)...

CVSS 6.1 | AI score 6.3 | EPSS 0.00506
Exploits 0 | References 2

CNNVD
added 2022/06/15 12:0 a.m., 3 views

REDCap cross-site scripting vulnerability

REDCap is a data collection and management web application. A security vulnerability exists in REDCap version 12.0.11, which stems from a stored cross-site scripting (XSS) issue in ProjectGeneral/editprojectsettings.php. An authenticated, remote attacker can exploit this vulnerability to inject...

CVSS 5.4 | AI score 5.7 | EPSS 0.00656
Exploits 2 | References 3

OSV
added 2022/06/10 12:15 p.m., 1 view

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 5.8 | EPSS 0.00745
Exploits 0 | References 2

OSV
added 2022/06/02 6:15 p.m., 3 views

CVE-2022-32019

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=savecar...

CVSS 9.8 | AI score 6.2 | EPSS 0.0241
Exploits 1 | References 1

ATTACKERKB
added 2022/06/02 4:15 p.m., 4 views

CVE-2022-32020

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=savesettings...

CVSS 9.8 | AI score 6.2 | EPSS 0.01868
Exploits 1 | References 2

ATTACKERKB
added 2022/06/02 4:15 p.m., 3 views

CVE-2022-32021

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/managemovement.php?id=...

CVSS 7.2 | AI score 5.9 | EPSS 0.00946
Exploits 1 | References 2

ATTACKERKB
added 2022/06/02 4:15 p.m., 2 views

CVE-2022-32028

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manageuser.php?id=...

CVSS 7.2 | AI score 5.9 | EPSS 0.04919
Exploits 1 | References 3

OSV
added 2022/06/02 2:15 p.m., 1 view

CVE-2022-31351

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manageprice.php?id=...

CVSS 9.8 | AI score 5.8 | EPSS 0.01081
Exploits 1 | References 1

CNNVD
added 2022/06/02 12:0 a.m., 3 views

Online Fire Reporting System SQL injection vulnerability

Online Fire Reporting System is an online fire reporting system by the individual developer Carlo Montero. Version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=requests/ viewrequest&id= and a lack of validation of external input in SQL statements...

CVSS 7.2 | AI score 6 | EPSS 0.01971
Exploits 1 | References 2

CNNVD
added 2022/06/02 12:0 a.m., 3 views

Complete Online Job Search System SQL injection vulnerability

Complete Online Job Search System is an online job search system. A SQL injection vulnerability exists in Complete Online Job Search System, which originates from missing validation of external input in SQL statements on the /eris/admin/user/index.php?view=edit&id= page. An attacker could use this...

CVSS 7.2 | AI score 6.1 | EPSS 0.00946
Exploits 1 | References 2