6030 matches found
CVE-2022-40001
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page...
TYPO3 security vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpnewsletter, which stems from the fact that data about its subscribers can be obtained via the createAction operation...
PT-2022-28058 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0; fp newsletter extension version 1.2.0; fp newsletter extension versions 2.0 through 2.1.1; fp newsletter extension versions 2.2.1 through 2.4.0; fp newsletter extension versions 3.0 through 3.2....
Shoplazza 1.1 Cross Site Scripting
Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting; Exploit Author: Andrey Stoykov; Software Link: https://github.com/Shoplazza/LifeStyle ; Version: 1.1; Tested on: Ubuntu 20.04. Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage Blogs"...
The vulnerability of the “Create poll” module in the YOP Poll plugin of the WordPress content management system allows a hacker to perform cross-site scripting attacks.
The vulnerability of the “Create poll” module in the YOP Poll plugin of the WordPress content management system is related to the lack of protection for website structure when processing parameters such as “Vote Button Label”, “Show Results Link”, and “Display Back to vote Link”. Exploiting this...
PT-2022-35988 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: drbd versions prior to v6.0.10. Description: The issue is related to a use after free in the drbd create device function. The actual impact and attack plausibility have not yet been proven. It was introduced in version v3.15 and fixed in Linux...
PT-2022-36480 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: drbd versions prior to v4.19.267; linux kernel versions 3.15 through 4.19.266. Description: A use after free issue exists in the drbd create device function. The actual impact and attack plausibility have not yet been proven. Recommendations: F...
PT-2022-36400 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: drbd versions prior to v5.4.225. Description: The issue is related to a use after free in the drbd create device function. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.4.225,...
PT-2022-36296 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: drbd versions prior to v5.10.156. Description: A use after free issue exists in the drbd create device function. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.10.156, update to...
Cross site scripting
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leavesystem/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name...
Online Leave Management System cross-site scripting vulnerability
Sourcecodester Online Leave Management System is an online leave management system. A security vulnerability exists in Online Leave Management System v1.0, which originates from a stored cross-site scripting (XSS) vulnerability in the component /leavesystem/admin/?page=maintenance/department. The...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. PoC (js): var root =require"create-choo-app3" root.devInstall"./","& touch JHU",function. Remediation: There is no fixed version for create-choo-app3...
GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7, which...
Garage Management System cross-site scripting vulnerability
Garage Management System is a garage management system developed by Mayuri K. A cross-site scripting vulnerability exists in Garage Management System v1.0, which can be exploited by attackers to inject malicious scripts at /garage/phpaction/createBrand.php and obtain sensitive information such as...
Creation of Temporary File in Directory with Insecure Permissions
Overview: com.github.samtools:htsjdk is a Java API for high-throughput sequencing data (HTS) formats. Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the...
MPXJ security vulnerability
MPXJ is an open source library from individual developer Jon Iles. It is used to read and write project plans from various file formats and databases. A security vulnerability exists in MPXJ versions prior to 10.14.1 that stems from the use of File.createTempFile... This causes a temporary file t...
PT-2022-36786 · Git +1 · Opensc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack buffer overflow error, as indicated by the crash type 'Stack-buffer-overflow WRITE'. The crash state includes functions...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)
Summary: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. Vulnerability Details: CVEID: CVE-2022-22483. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,...
expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...