7442 matches found
Like Button Rating < 2.6.45 - Arbitrary e-mail Sending
The plugin allows any logged-in user, such as a subscriber, to send arbitrary e-mails to any recipient, with any subject and body. PoC: as a subscriber, run the command below in the browser's web developer console: fetch("/wp-admin/admin-ajax.php?action=likebtntestvotenotification", {"headers":...
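The pattern behind this class of bug, as an added example that is not the Like Button Rating plugin's code and not taken from the advisory: WordPress dispatches `wp_ajax_{action}` to any request carrying a valid login cookie, so a handler that takes recipient, subject and body from the request and passes them to `wp_mail()` is reachable by every subscriber. The hook names, option name and parameter names below are assumptions for illustration; the hardened handler shows the checks a practitioner expects (capability, nonce, and no request-controlled recipient or content).

```php
<?php
// Added example, not the Like Button Rating plugin's code.
// WordPress only verifies that the caller is logged in before running a
// wp_ajax_{action} hook; authorization is the handler's own job.

// --- Vulnerable pattern: any authenticated user can send arbitrary mail ---
add_action( 'wp_ajax_example_test_notification', 'example_test_notification_vulnerable' );

function example_test_notification_vulnerable() {
    // Recipient, subject and body all come straight from the request.
    $to      = isset( $_POST['to'] )      ? $_POST['to']      : '';
    $subject = isset( $_POST['subject'] ) ? $_POST['subject'] : '';
    $body    = isset( $_POST['body'] )    ? $_POST['body']    : '';
    wp_mail( $to, $subject, $body );   // no capability check, no nonce
    wp_send_json_success();
}

// --- Hardened pattern (hook, option and nonce names are assumptions) ---
add_action( 'wp_ajax_example_test_notification_safe', 'example_test_notification_safe' );

function example_test_notification_safe() {
    // 1. Authorization: only users allowed to manage the plugin's settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: require the nonce issued on the plugin's settings page.
    check_ajax_referer( 'example_test_notification', 'nonce' );

    // 3. The caller does not choose the recipient: a test notification goes
    //    to the configured notification address (falling back to admin_email).
    $to = sanitize_email( get_option( 'example_notification_email', get_option( 'admin_email' ) ) );
    if ( ! is_email( $to ) ) {
        wp_send_json_error( 'no notification address configured', 400 );
    }

    // 4. Subject and body are fixed templates, not request-controlled text.
    $subject = sprintf( '[%s] Test notification', wp_strip_all_tags( get_bloginfo( 'name' ) ) );
    $body    = 'This is a test notification sent from the plugin settings page.';

    wp_mail( $to, $subject, $body );
    wp_send_json_success();
}
```

With the vulnerable handler, the `fetch` call from the advisory, issued from any subscriber's logged-in browser session, reaches `wp_mail()` directly. The hardened handler fails closed on the capability check before the nonce is examined, so an unprivileged user gets a 403 regardless of what the request body contains.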
CVE-2022-29881
A vulnerability has been identified in SICAM T All versions V3.0. The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details...
CVE-2022-29879
A vulnerability has been identified in SICAM T All versions V3.0. The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information...
CVE-2022-1423
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading...
Improper access control
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading...
GitLab 8.12.0 < 14.8.6 / 14.9.0 < 14.9.4 / 14.10.0 < 14.10.1 (CVE-2022-1406)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project...
CVE-2022-22773
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Serv...
Cross-Site Request Forgery in Jenkins Git Plugin
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...
TIBCO Software JasperReports Server Cross-Site Scripting Vulnerability
TIBCO Software JasperReports Server is an embeddable reporting server from TIBCO Software, Inc. that provides reporting and analytics capabilities which can be embedded into web or mobile applications. A security vulnerability exists in TIBCO Software JasperReports Server that could allow an attacker...
Simple Client Management System SQL Injection Vulnerability (CNVD-2022-57772)
Simple Client Management System is a simple client management system by the individual developer Carlo Montero. Version 1.0 of Simple Client Management System is vulnerable to SQL injection, which stems from a lack of validation of externally supplied input in /cms/admin/maintenance...
Simple Client Management System SQL Injection Vulnerability (CNVD-2022-57777)
Simple Client Management System is a simple client management system by the individual developer Carlo Montero. Version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates in the id parameter of the POST request to /cms/classes/Users.php?f=delete...
Online Sports Complex Booking System SQL Injection Vulnerability (CNVD-2022-58672)
Online Sports Complex Booking System is an online stadium booking system by the individual developer Carlo Montero. Online Sports Complex Booking System version 1.0 is vulnerable to a SQL injection vulnerability that originates in /scbs/admin/categories/managecategory.php?id=; an attacker can execu...
Insurance Management System SQL Injection Vulnerability (CNVD-2022-85115)
Insurance Management System is an insurance management system by the individual developer Angel Jude Reyes Suarez. Insurance Management System 1.0 is vulnerable to SQL injection, which could be exploited by attackers to obtain information about data in the target system...
Siemens SICAM T Improper Access Control Vulnerability
The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Fix: IBM SDK Java Technology Edition 8 SR7 FP5 (8.0.7.5). Vulnerability Details CVEID: CVE-2021-41035 DESCRIPTION:...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a malicious party to cause a denial of service or to execute arbitrary code under the user's privileges. The vulnerability with reference CVE-2022-30129 allows a malicious person to...
KLA12535 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET and Visual Studio can be exploited...
The Importance of Defining Secure Code
The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to function profitably without competitive applications and programs, or without 24-hour access to their website...
Covid-19 Directory On Vaccination System SQL Injection Vulnerability
The Covid-19 Directory On Vaccination System is a COVID-19 information management system by the individual developer Ndueso Okorie in Nigeria. The system stores and retrieves information about COVID-19 vaccinations to help control the spread of the pandemic. A security vulnerability exists...
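The SQL injection entries above (CNVD-2022-57772, CNVD-2022-57777, CNVD-2022-58672, CNVD-2022-85115 and the Covid-19 Directory On Vaccination System) all describe the same defect in small single-developer PHP applications: a request parameter such as `id` is concatenated into a query. The following is an added example, not code from any of those applications, showing that pattern beside a parameterised and authorised version; the table name, column name, connection details and the session flags are assumptions for illustration.

```php
<?php
// Added example; not code from the advisories' applications.
// Demonstrates the "id parameter concatenated into SQL" bug next to a
// hardened handler. Table/column names and credentials are assumptions.

$db = new mysqli( 'localhost', 'app', 'secret', 'cms' );

// --- Vulnerable: a Users.php?f=delete style handler ---
function delete_user_vulnerable( mysqli $db, array $post ) {
    // id=1 OR 1=1 deletes every row; in a SELECT the same sink allows
    // UNION- or error-based extraction of other tables' data.
    $sql = "DELETE FROM users WHERE id = " . $post['id'];
    return $db->query( $sql );
}

// --- Hardened ---
function delete_user_safe( mysqli $db, array $post, bool $caller_is_admin ) {
    // 1. Authorization first: deleting users is an administrative action.
    if ( ! $caller_is_admin ) {
        http_response_code( 403 );
        return false;
    }

    // 2. Validate the type before the value goes anywhere near SQL.
    if ( ! isset( $post['id'] ) || ! ctype_digit( (string) $post['id'] ) ) {
        http_response_code( 400 );
        return false;
    }
    $id = (int) $post['id'];

    // 3. Parameterised statement: the value is bound, never interpolated,
    //    so "1 OR 1=1" is rejected above and could not alter the query anyway.
    $stmt = $db->prepare( 'DELETE FROM users WHERE id = ?' );
    if ( $stmt === false ) {
        return false;
    }
    $stmt->bind_param( 'i', $id );
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Example dispatch (session handling is assumed to set $_SESSION['is_admin']).
if ( isset( $_GET['f'] ) && $_GET['f'] === 'delete' && $_SERVER['REQUEST_METHOD'] === 'POST' ) {
    delete_user_safe( $db, $_POST, ! empty( $_SESSION['is_admin'] ) );
}
```

The integer cast alone would also stop the injection for this numeric column, but the prepared statement is the control that generalises to string parameters such as the `managecategory.php?id=` and maintenance endpoints named above, and the authorization check addresses the fact that several of these applications expose their delete and maintenance actions to any visitor who can reach the path.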