PT-2022-26765 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/appointments/manage appointment.php" API endpoint...
PT-2022-26852 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/print.php" API endpoint. Recommendations: For Canteen Management Syste...
PT-2022-26854 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/php action/printOrder.php" API endpoint. Recommendations: For Canteen...
PT-2022-23794 · WordPress · Web Stories
Name of the Vulnerable Software and Affected Versions: Web Stories plugin for WordPress versions up to, and including 1.24.0 Description: The issue arises from insufficient validation of URLs supplied via the url parameter in the "/v1/hotlink/proxy" REST API Endpoint. This allows authenticated...
PT-2022-23912 · Unknown · Seccome Ehoney
Name of the Vulnerable Software and Affected Versions: seccome Ehoney affected versions not specified Description: A critical issue was found in seccome Ehoney. It affects an unknown function of the /api/v1/attack/falco API endpoint. The manipulation of the Payload argument leads to SQL injection...
PT-2022-25641 · Unknown · Diaenergie
Name of the Vulnerable Software and Affected Versions: DIAEnergie versions prior to v1.9.01.002 Description: The issue concerns a stored cross-site scripting vulnerability. This vulnerability can be exploited through the "PostEnergyType API" endpoint. Recommendations: For versions prior to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2022:3765-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3765-1 advisory. Updated to version 8.3.10 jscSLE-24565, jscSLE-23422, jscSLE-23439: - CVE-2022-31097: Fixed XSS...
Server side request forgery (ssrf)
The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...
PT-2022-5272 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to a stack overflow in the D-Link DIR-816 A2 router's firmware, which can be triggered via the srcip parameter at the "/goform/form2IPQoSTcAdd" API endpoint. This can...
PT-2022-19642 · Abode Systems · Iota All-In-One Security Kit
Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: An authentication bypass issue exists in the web interface, specifically in the /action/factory functionality. This can be triggered by a specially-crafted...
Remote code execution
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...
CVE-2022-2884
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...
PT-2022-25879 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...
PT-2022-25865 · Xzs · Xzs
Name of the Vulnerable Software and Affected Versions: xzs version 3.8.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field in the /admin/question/edit API endpoint. This enables the execution of malicious code...
PT-2022-26294 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/fromSetIpMacBind". Recommendations: For Tenda AC10 version 15.03.06.23, as a...
PT-2022-26291 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetDeviceName" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, as ...
CVE-2022-2992
CVE-2022-2992 is a GitLab GitHub Import API deserialization flaw that enables authenticated users to trigger remote code execution. Affected products are GitLab CE/EE, all versions from 11.10 prior to 15.1.6, 15.2 up to 15.2.4, and 15.3 up to 15.3.2. The roo...
PT-2022-26298 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/saveParentControlInfo" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23,...
PT-2022-26297 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/formWifiWpsStart". Recommendations: For Tenda AC10 version 15.03.06.23, as a...
PT-2022-26289 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow that can be triggered via the "/goform/fromNatStaticSetting" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, consider restricting access t...