Microsoft M365 Copilot 命令注入漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot has a command injection vulnerability. Attackers can exploit this vulnerability to alter information...

CVE-2023-46700

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database...

CVE-2022-3339 Reflected XSS in Trellix ePO server

A reflected cross-site scripting XSS vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to...

CVE-2021-20802

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product...

Microsoft Office 信息泄露漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of the product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office version 2.8, which stems from a flaw in th...

web2Project 3.1 SQL Injection

Advisory ID: HTB23213 Product: web2Project Vendor: http://web2project.net Vulnerable Versions: 3.1 and probably prior Tested Version: 3.1 Advisory Publication: April 30, 2014 without technical details Vendor Notification: April 30, 2014 Vendor Patch: May 1, 2014 Public Disclosure: June 18, 2014...