DEBIAN-CVE-2022-22909
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...
CVE-2022-22909
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...
UBUNTU-CVE-2022-22909
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...
Remote code execution
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...
CVE-2022-22909
HotelDruid v3.0.3 is affected by a remote code execution (RCE) vulnerability that can be triggered by inserting a crafted payload into the name field in the Create New Room module. The underlying issue arises from room names being stored in /var/www/html/hoteldruid/dati/selectappartamenti.php, a ...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35557)
Summary: IBM Emptoris Program Management supports Oracle database server as a backend database. The remediated version of Oracle database server has been certified by IBM Emptoris Program Management. Vulnerability Details: CVEID: CVE-2021-35557. DESCRIPTION: An unspecified vulnerability in Oracle...
WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin < 1.1.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin (versions < 1.1.9). Solution: Update the WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin to the latest available version at least...
WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin (versions < 1.30.0). Solution: Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version (at least 1.30.0)...
WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin (versions < 1.30.0). Solution: Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version (at least 1.30.0)...
banks.expert Cross Site Scripting vulnerability OBB-2385387
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2022-1000607 ceph: properly put ceph_string reference after async create attempt
ceph: properly put ceph_string reference after async create attempt. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.5 by commit...
GSD-2022-1000486 NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.10 by commit...
GSD-2022-1000411 NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.24 by commit...
CVE-2022-25359
CVE-2022-25359 affects Industrial Control Links ScadaFlex II SCADA Controllers SC-1/SC-2. According to ICS/CISA data, unauthenticated remote attackers can overwrite, delete, or create files via external control of file name or path (CWE-73). Affected SW versions include 1.03.07 (build 317) and ol...
Cross Site Scripting (XSS)
intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists in the create page functionality of the admin account, which allows a malicious attacker to inject and execute arbitrary JavaScript...
CVE-2021-43724
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...