2391 matches found

Vulnrichment
added 2022/06/03 2:55 p.m., 3 views

CVE-2020-36528 Platinum Mobile MobileHandler.ashx access control

A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the...

CVSS 5.5, AI score 6.6, EPSS 0.00724
Exploits 1, References 2

OSV
added 2022/06/02 6:15 p.m., 2 views

CVE-2022-1980

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=systeminfo/contactinfo. The manipulation of the textbox Telephone with the input alert1 leads to cross site scripting. The attack may be initiated...

CVSS 4.8, AI score 3.9
Exploits 0, References 2

OSV
added 2022/06/02 6:15 p.m., 1 view

CVE-2022-1979

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input alert1 leads to cross site scripting. The attack can be initiated remotely but requires...

CVSS 4.8, AI score 3.9, EPSS 0.00586
Exploits 0, References 2

Vulnrichment
added 2022/06/02 5:25 p.m., 5 views

CVE-2022-1980 SourceCodester Product Show Room Site cross site scripting

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=systeminfo/contactinfo. The manipulation of the textbox Telephone with the input alert1 leads to cross site scripting. The attack may be initiated...

CVSS 2.4, AI score 5.2, EPSS 0.006
Exploits 0, References 2

OSV
added 2022/05/24 6:15 a.m., 2 views

CVE-2022-1839

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...

CVSS 8.8, AI score 7.1, EPSS 0.00813
Exploits 1, References 2

NVD
added 2022/05/24 6:15 a.m., 17 views

CVE-2022-1839

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...

CVSS 8.8, EPSS 0.00813
Exploits 1, References 2

OSV
added 2022/05/24 6:15 a.m., 2 views

CVE-2022-1837

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input leads to code execution. The attack may be launched remotely but demands an authentication. Exploit detai...

CVSS 7.2, AI score 5.6, EPSS 0.01138
Exploits 1, References 2

Vulnrichment
added 2022/05/24 5:25 a.m., 7 views

CVE-2022-1837 Home Clean Services Management System unrestricted upload

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input leads to code execution. The attack may be launched remotely but demands an authentication. Exploit detai...

CVSS 4.7, AI score 7.4, EPSS 0.01138
Exploits 1, References 2

Vulnrichment
added 2022/05/20 8:17 p.m., 8 views

CVE-2022-29447 WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated administrator or higher user role Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress...

CVSS 6.8, AI score 6.7, EPSS 0.00979
Exploits 0, References 2

ATTACKERKB
added 2022/05/20 12:15 a.m., 6 views

CVE-2022-21500

Vulnerability in Oracle E-Business Suite component: Manage Proxies. The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can...

CVSS 7.5, AI score 7.1, EPSS 0.70589
Exploits 1, References 4, Affected Software 1

Positive Technologies
added 2022/05/19 12:0 a.m., 3 views

PT-2022-2880

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite version 12.2. Description: The issue is related to insufficient input validation in the Manage Proxies component, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite...

CVSS 7.8, AI score 7.9, EPSS 0.70589
Exploits 1, References 9

Packet Storm
added 2022/05/17 12:0 a.m., 241 views

SDT-CW3B1 1.1.0 Command Injection

Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Date: 2022-05-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET...

CVSS 10, AI score 9.6, EPSS 0.9475
Exploits 20

Exploit DB
added 2022/05/17 12:0 a.m., 253 views

SolarView Compact 6.0 - OS Command Injection

Exploit Title: SolarView Compact 6.0 - OS Command Injection Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST...

CVSS 10, AI score 9.6, EPSS 0.99922
Exploits 6

NCSC
added 2022/05/11 12:0 a.m., 2 views

Vulnerabilities fixed in Oracle Enterprise Linux kernel

Oracle has fixed vulnerabilities in the Oracle Linux kernel. The vulnerabilities allow a local malicious person to cause a denial-of-service, obtain elevated privileges or gain access to system information. Successful exploit requires authentication. -= Oracle =- Oracle has made updates available...

CVSS 8.6, AI score 6.6, EPSS 0.04534
Exploits 6

ATTACKERKB
added 2022/05/09 5:15 p.m., 3 views

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

CVSS 5.5, AI score 5.9, EPSS 0.0021
Exploits 0, References 2

Prion
added 2022/05/05 10:15 a.m., 17 views

Cross site scripting

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 3.5, AI score 5.2, EPSS 0.00632
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/05/05 9:20 a.m., 16 views

CVE-2022-1590 Bludit New Content Module new-content cross site scripting

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 3.5, AI score 5.4, EPSS 0.00632
Exploits 1, References 2

CVE
added 2022/05/05 9:20 a.m., 46 views

CVE-2022-1590

Bludit 3.13.1 is affected by a Cross-Site Scripting vulnerability in the New Content module, exposed via the /admin/new-content endpoint. The issue stems from unsafely handling user-supplied content (example payload: ), enabling client-side script execution. The attack is remotely initiable but r...

CVSS 5.4, AI score 4.3, EPSS 0.00632
Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2022/05/04 6:31 a.m., 2 views

CVE-2022-29424

Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...

CVSS 4.8, AI score 5, EPSS 0.00489
Exploits 0, References 3, Affected Software 1

OSV
added 2022/05/02 8:15 p.m., 3 views

CVE-2021-41810

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

CVSS 4.8, AI score 5.8, EPSS 0.00654
Exploits 0, References 3