Malicious code in eg-auth-ui-localization (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 437e53aa9aa9cbd8bae160de3b5b28fa886c8552f617e61fbe93c938c4e2029c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GLSA-202212-05 : Mozilla Network Security Service (NSS): Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202212-05 Mozilla Network Security Service NSS: Multiple Vulnerabilities - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures...
ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +1490 more potentially affected by CVE-2022-4565 via cn.hutool:hutool-core (>=4.0.0 <=5.8.10)
cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4.R, =1.0.6.R and more Source cves: CVE-2022-4565 Source advisory: OSV:GHSA-47VX-FQR5-J2GW...
PT-2022-26184 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4.3 Description: The issue is related to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId,...
CVE-2022-38488
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...
SQL injection
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...
CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check fo...
Active exploitation of the Fortinet pre-auth RCE vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the PDF file here Summary Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product, which is being actively exploited in the wild. The heap-based buffer overflow bug in FortiOS sslvpnd is listed as...
CVE-2022-41263
CVE-2022-41263 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) v4.2/v4.3 (420, 430). Root cause: missing authentication check allows an authenticated non-administrator to modify data source information for a restricted document, yielding a limited integrity impact. N...
Judging Management System 1.0 Shell Upload
Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...
PT-2022-25157 · WordPress · Dpd Baltic Shipping
Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping WordPress plugin versions prior to 1.2.57 Description: The issue concerns a lack of authorisation and CSRF protection in an AJAX action. This could allow any authenticated user to delete arbitrary options from the blog,...
Exploit for CVE-2022-36537
CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 Cacti remote_agent.php Unauthen...
PT-2022-35984 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: A memory leak was discovered in the nvmet_auth_set_key() function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
CVE-2022-45829 WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Arbitrary File Deletion
Authenticated path traversal vulnerability in the Easy WP SMTP plugin <= 1.5.1 for WordPress...
CVE-2022-45829
CVE-2022-45829 affects the WordPress Easy WP SMTP plugin, specifically versions <= 1.5.1. The vulnerability is an authenticated path traversal in the plugin, allowing traversal to sensitive files. Several sources also note potential arbitrary file deletion as part of the impact for affected ve...
CVE-2022-45833
CVE-2022-45833 is an authenticated path traversal vulnerability in WordPress Easy WP SMTP plugin versions ≤ 1.5.1. The issue, documented across multiple sources, allows traversal of directories in affected installations; exact exploit details are not provided in the initial/dependent documents. R...
CVE-2022-45816
CVE-2022-45816 affects the WordPress plugin GD bbPress Attachments (versions ≤ 4.3.1). The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of settings, enabling elevated-privilege users (e.g., admins) to inject XSS. Public refe...