Lucene search

1916 matches found

CVE
added 2022/12/07 5:7 p.m. · 71 views

CVE-2022-43581

CVE-2022-43581 affects IBM Content Navigator versions 3.0.0 through 3.0.12, where missing authorization could allow an authenticated user to load external plugins and execute code. The issue is documented across IBM security bulletins and Red Hat advisories, with remediation guidance including ap...

CVSS 8.8 · AI score 8 · EPSS 0.00386
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2022/12/07 12:0 a.m. · 1 view

IBM Content Navigator buffer error vulnerability

IBM Content Navigator is a Web client from International Business Machines IBM. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator, which originates from its susceptibility to loss of...

CVSS 8.8 · AI score 8 · EPSS 0.00386
Exploits 0 · References 3

Positive Technologies
added 2022/12/07 12:0 a.m. · 1 view

PT-2022-26977 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.0 through 3.0.12 Description: The issue is related to missing authorization, which could allow an authenticated user to load external plugins and execute code. Recommendations: For IBM Content Navigator...

CVSS 8.8 · AI score 8.4 · EPSS 0.00386
Exploits 0 · References 4

Check Point Advisories
added 2022/11/23 12:0 a.m. · 7 views

Doufox Arbitrary File Upload (CVE-2022-38621)

An arbitrary file upload vulnerability exists in Doufox. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...

AI score 5.2 · EPSS 0.02849
Exploits 1

CNVD
added 2022/11/23 12:0 a.m. · 25 views

WordPress Plugin Betheme theme plugin deserialization vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A deserialization vulnerability exists in WordPress Plugin Betheme theme plugin 26.5.1.4 and...

CVSS 8.8 · AI score 8.8 · EPSS 0.04249
Exploits 5 · References 1

Vulnrichment
added 2022/11/21 12:45 p.m. · 10 views

CVE-2022-3861 Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage,...

CVSS 8.8 · AI score 7.3 · EPSS 0.04249
Exploits 5 · References 4

Cvelist
added 2022/11/15 12:0 a.m. · 12 views

CVE-2022-43265

An arbitrary file upload vulnerability in the component /pages/saveuser.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

AI score 9.8 · EPSS 0.00874
Exploits 0 · References 2

CNVD
added 2022/11/11 12:0 a.m. · 19 views

AyaCMS arbitrary file upload vulnerability

AyaCMS is an extremely simple and free open source PHP website builder. v3.1.2 of AyaCMS contains a security vulnerability that originates from an arbitrary file upload vulnerability found via the component /admin/fstupload.inc.php. An attacker could use this vulnerability to execute arbitrary co...

CVSS 9.8 · AI score 4.6 · EPSS 0.00801
Exploits 1 · References 1

CNVD
added 2022/11/09 12:0 a.m. · 20 views

Siemens Parasolid out-of-bounds write vulnerability

Parasolid is a 3D geometric modeling tool that supports multiple techniques, including solid modeling, direct editing, and free-form surface/table modeling. An out-of-bounds write vulnerability exists in Siemens Parasolid, which can be exploited by attackers to execute code in the context of the...

CVSS 7.8 · AI score 4.3 · EPSS 0.00128
Exploits 0 · References 1

Cvelist
added 2022/11/09 12:0 a.m. · 11 views

CVE-2022-43277

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/phpaction/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

AI score 7.5 · EPSS 0.00991
Exploits 1 · References 1

NVD
added 2022/11/08 10:15 p.m. · 8 views

CVE-2022-34825

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrit...

CVSS 9.8 · EPSS 0.01639
Exploits 0 · References 1

OSV
added 2022/11/08 10:15 p.m. · 0 views

CVE-2022-34825

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrit...

CVSS 9.8 · AI score 6
Exploits 0 · References 1

Prion
added 2022/11/08 10:15 p.m. · 16 views

Buffer overflow

Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite...

CVSS 7.5 · AI score 9.7 · EPSS 0.01447
Exploits 0 · References 1 · Affected Software 2

OSV
added 2022/11/08 11:15 a.m. · 1 view

CVE-2022-43546

A vulnerability has been identified in POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 3

Prion
added 2022/11/08 11:15 a.m. · 14 views

Design/Logic Flaw

A vulnerability has been identified in JT2Go All versions V14.1.0.4, Teamcenter Visualization V13.2 All versions V13.2.0.12, Teamcenter Visualization V13.3 All versions V13.3.0.7, Teamcenter Visualization V14.0 All versions V14.0.0.3, Teamcenter Visualization V14.1 All versions V14.1.0.4. The...

CVSS 4.4 · AI score 7.6 · EPSS 0.0011
Exploits 0 · References 1 · Affected Software 2

RedhatCVE
added 2022/11/01 12:26 p.m. · 59 views

CVE-2022-3705

A use-after-free flaw was found in the qfupdatebuffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code...

CVSS 7 · AI score 3.2 · EPSS 0.00451
Exploits 0 · References 4

Cvelist
added 2022/10/28 12:0 a.m. · 13 views

CVE-2022-43275

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/phpaction/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

AI score 7.5 · EPSS 0.00991
Exploits 1 · References 1

CNNVD
added 2022/10/27 12:0 a.m. · 2 views

Apple iOS and iPadOS buffer error vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS. An attacker could exploit this vulnerability to execu...

CVSS 7.8 · AI score 8.1 · EPSS 0.00298
Exploits 0 · References 13

CNNVD
added 2022/10/25 12:0 a.m. · 3 views

Mitel MiCollab code issue vulnerability

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in Mitel MiCollab version 9.5.0.101 and prior versions, which stems from an issue in the web conferencing...

CVSS 9.8 · AI score 8.8 · EPSS 0.03204
Exploits 0 · References 3

ATTACKERKB
added 2022/10/19 4:15 p.m. · 1 view

CVE-2022-43405

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary co...

CVSS 9.9 · AI score 6.1 · EPSS 0.00196
Exploits 0 · References 4