
1178 matches found

CNNVD
added 2022/11/08 12:0 a.m. · 4 views

SAP GUI code injection vulnerability

SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...

CVSS 6.1 · AI score 7.4 · EPSS 0.00161
Exploits 0 · References 4
Vulnrichment
added 2022/10/31 7:59 p.m. · 6 views

CVE-2022-42924 SQL injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...

CVSS 7.6 · AI score 7.5 · EPSS 0.00294
Exploits 0 · References 1
ATTACKERKB
added 2022/10/20 5:15 p.m. · 1 views

CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation...

CVSS 8.8 · AI score 5.8 · EPSS 0.00183
Exploits 0 · References 2
CNNVD
added 2022/10/20 12:0 a.m. · 3 views

Abode Iota format string error vulnerability

Abode Iota is a reliable DIY home security system from Abode. A format string error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from the fact that an attacker can send an authenticated, malicious HTTP request to its web interface/action/wirelessConnect functionality...

CVSS 8.8 · AI score 7.7 · EPSS 0.01573
Exploits 1 · References 4
CVE
added 2022/10/19 12:0 a.m. · 44 views

CVE-2022-41707

The CVE-2022-41707 entry concerns Relatedcode’s Messenger (version 7bcd20b). Affected component: Messenger app data handling that exposes user data publicly. Root cause: information disclosure allowing an authenticated external attacker to access sensitive data of any user. Impact: Confidentialit...

CVSS 6.5 · AI score 6.3 · EPSS 0.00252
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2022/10/18 2:15 p.m. · 3 views

CVE-2022-35844

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted argument...

CVSS 7.2 · AI score 7.2 · EPSS 0.00342
Exploits 0 · References 2
Vulnrichment
added 2022/10/11 12:0 a.m. · 6 views

CVE-2022-41206

SAP BusinessObjects Business Intelligence platform Analysis for OLAP - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on...

AI score 6.6 · EPSS 0.00403
Exploits 0 · References 2
ATTACKERKB
added 2022/10/03 12:0 a.m. · 431 views

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: zeroSteiner at January 10, 2023 2:58pm UTC reported: CVE-2022-41082, also known as ProxyNotShell is an authenticated RCE in Microsoft Exchange. ProxyNotShell actually combines CVE-2022-41082 and CVE-2022-41040 for t...

CVSS 9.8 · AI score 9 · EPSS 0.94147
In wild · Exploits 16 · References 7
CNNVD
added 2022/09/23 12:0 a.m. · 2 views

Rocket.Chat security vulnerability

Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...

CVSS 4.3 · AI score 6.2 · EPSS 0.00283
Exploits 1 · References 2
Positive Technologies
added 2022/09/14 12:0 a.m. · 3 views

PT-2022-6547 · Fortinet · Fortiadc +2

Name of the Vulnerable Software and Affected Versions: FortiADC versions 5.x through 7.1.0 FortiDDoS versions 4.x through 5.6 FortiDDoS-F versions 6.1.0 through 6.4.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow an...

CVSS 7.8 · AI score 7.7 · EPSS 0.00279
Exploits 0 · References 6
OSV
added 2022/09/07 7:15 p.m. · 3 views

CVE-2022-30078

NETGEAR R6200V2 firmware versions through R6200v2-V1.0.3.1210.1.11 and R6300V2 firmware versions through R6300v2-V1.0.4.5210.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or...

CVSS 8.8 · AI score 6 · EPSS 0.01608
Exploits 1 · References 3
Cvelist
added 2022/09/07 6:12 p.m. · 13 views

CVE-2022-30078

NETGEAR R6200V2 firmware versions through R6200v2-V1.0.3.1210.1.11 and R6300V2 firmware versions through R6300v2-V1.0.4.5210.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or...

AI score 9 · EPSS 0.01608
Exploits 1 · References 3
Vulnrichment
added 2022/09/06 5:19 p.m. · 4 views

CVE-2022-2934 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 · AI score 5.8 · EPSS 0.00913
Exploits 0 · References 2
Vulnrichment
added 2022/09/06 5:18 p.m. · 5 views

CVE-2022-2517 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00162
Exploits 0 · References 2
Vulnrichment
added 2022/09/06 5:18 p.m. · 4 views

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVSS 8.8 · AI score 6.7 · EPSS 0.01077
Exploits 0 · References 4
CVE
added 2022/08/23 6:30 a.m. · 48 views

CVE-2022-34486

CVE-2022-34486 concerns a path traversal vulnerability in PukiWiki versions 1.4.5–1.5.3. The issue allows a remote authenticated attacker with administrative privileges to execute a malicious script via unspecified vectors, indicating a potentially high impact (CVE details show high severity in s...

CVSS 7.2 · AI score 6.7 · EPSS 0.01286
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/07/21 12:15 p.m. · 2 views

CVE-2022-20884

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 7.2 · AI score 6.2 · EPSS 0.00476
Exploits 0 · References 1
Vulnrichment
added 2022/07/21 3:53 a.m. · 9 views

CVE-2022-20884 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 4.7 · AI score 8 · EPSS 0.00476
Exploits 0 · References 1
CNNVD
added 2022/07/06 12:0 a.m. · 5 views

Zabbix Frontend cross-site scripting vulnerability

Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend that stems from a graphical page that lacks checksum filters for user-supplied data and output. An authenticated attacker can exploit this...

CVSS 5.4 · AI score 5.4 · EPSS 0.00874
Exploits 0 · References 6
OSV
added 2022/06/13 2:15 p.m. · 2 views

CVE-2022-1654

Jupiter Theme = 6.10.1 and JupiterX Core Plugin = 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" both and "jupiterxcorecpuninstalltemplate" JupiterX Core Only AJAX actions...

CVSS 8.8 · AI score 5.8 · EPSS 0.00841
Exploits 1 · References 1