752 matches found
elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
CVE-2021-3696
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex for an attacker to control the encoding and positioning of...
PT-2022-7447 · Net Snmp +8 · Net-Snmp +8
Name of the Vulnerable Software and Affected Versions: net-snmp versions prior to 5.9.2 Description: The issue is related to a NULL pointer dereference in the nsVacmAccessTable component of the net-snmp software. This can be caused by a user with read-write credentials using a malformed OID in a...
MAL-2022-1637 Malicious code in body-complex-rest (npm)
Source: ghsa-malware e27fea97b9d518665eef95629efaf4c554bdce153227e8a69e10978c9af8ec4a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in body-complex-rest (npm)
Source: ghsa-malware e27fea97b9d518665eef95629efaf4c554bdce153227e8a69e10978c9af8ec4a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in body-complex (npm)
Source: ghsa-malware ef48c53ad39055a3692dbe528815988861df665507cc31c52dad47e5f746b3e3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1636 Malicious code in body-complex (npm)
Source: ghsa-malware ef48c53ad39055a3692dbe528815988861df665507cc31c52dad47e5f746b3e3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Online Sports Complex Booking System SQL injection vulnerability
Online Sports Complex Booking System is an online stadium booking system. Online Sports Complex Booking System version 1.0 is vulnerable to SQL injection and no details of the vulnerability are available...
Online Sports Complex Booking System authorization issue vulnerability
Online Sports Complex Booking System is an online stadium booking system. Version 1.0 of the Online Sports Complex Booking System is vulnerable to an authorization issue that could be exploited by attackers to take over a user's account via a specially crafted POST request...
Online Sports Complex Booking System cross-site scripting vulnerability
Online Sports Complex Booking System is an online stadium booking system developed by Carlo Montero, an individual developer. Online Sports Complex Booking System has a cross-site scripting vulnerability that arises because /scbs/classes/Users.php?f=saveclient lacks a validation filter for...
Online Sports Complex Booking System SQL injection vulnerability (CNVD-2022-58665)
Online Sports Complex Booking System is an online stadium booking system developed by Carlo Montero, an individual developer. Online Sports Complex Booking System v1.0 is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Online Sports Complex Booking System SQL injection vulnerability (CNVD-2022-58666)
Online Sports Complex Booking System is an online stadium booking system developed by Carlo Montero, an individual developer. Online Sports Complex Booking System v1.0 is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
CVE-2022-28105
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...
CVE-2022-28106
Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request...
SQL injection
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...
CVE-2022-28106
CVE-2022-28106 affects the Online Sports Complex Booking System v1.0. Public sources consistently describe an authorization flaw that lets an attacker take over a user account through a crafted POST request. The available documents do not provide explicit technical details on the affected compone...