366 matches found

Vulnrichment
added 2023/01/30 12:0 a.m., 6 views

CVE-2022-23334

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...

9.9 AI score, 0.00331 EPSS
Exploits: 0, References: 3
Cvelist
added 2023/01/30 12:0 a.m., 14 views

CVE-2022-23334

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...

9.9 AI score, 0.00331 EPSS
Exploits: 0, References: 3
Prion
added 2023/01/11 2:15 a.m., 16 views

Command injection

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request...

6.5 CVSS, 8.8 AI score, 0.02503 EPSS
Exploits: 0, References: 1, Affected Software: 9
NVD
added 2022/12/16 4:15 p.m., 12 views

CVE-2022-42366

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4 CVSS, 0.01739 EPSS
Exploits: 0, References: 1
OSV
added 2022/12/05 11:15 p.m., 13 views

CVE-2022-43706

Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added 2022/12/02 12:0 a.m., 11 views

CVE-2022-44953

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...

5.5 AI score, 0.00209 EPSS
Exploits: 1, References: 2
Openbugbounty
added 2022/11/27 11:54 p.m., 11 views

jaerenkort.net Cross Site Scripting vulnerability OBB-3075373

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
PyPA
added 2022/11/14 10:15 a.m., 5 views

PYSEC-2022-42981

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5 CVSS, 6.9 AI score, 0.01636 EPSS
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2022/11/10 1:49 p.m., 42 views

Information Disclosure

System.Data.SqlClient and Microsoft.Data.SqlClient packages in the .NET framework are vulnerable to information disclosure. The vulnerability occurs during heavy load, which lets an attacker access arbitrary data from asynchronously executed queries...

5.8 CVSS, 5.9 AI score, 0.00189 EPSS
Exploits: 0, References: 9, Affected Software: 2
OSV
added 2022/11/08 11:0 p.m., 46 views

GHSA-8G2P-5PQH-5JMC .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...

5.8 CVSS, 6.1 AI score, 0.00189 EPSS
Exploits: 0, References: 6
Huntr
added 2022/10/27 7:8 p.m., 9 views

XSS Stored - Content of tasks are not sanitize

Description: If a user injects an XSS payload inside the content of a task, all users that visit the kanban will execute the corresponding XSS payload. Proof of Concept: Create XSS in task content; XSS is executed...

2.5 AI score
Exploits: 0, References: 1
OSV
added 2022/10/26 12:0 a.m., 13 views

CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

8.8 CVSS, 8.6 AI score, 0.00422 EPSS
Exploits: 0, References: 4
Kitploit
added 2022/10/08 11:30 a.m., 37 views

AoratosWin - A Tool That Removes Traces Of Executed Applications On Windows OS

AoratosWin is a tool that removes traces of executed applications on Windows OS which can easily be listed with tools such as ExecutedProgramList by Nirsoft. Feel free to decompile, reverse, redistribute, etc. Supported OS Tested On Windows 7 x86, x64 Windows 8 x86, x64 Windows 8.1 x86, x64 Windo...

7.2 AI score
Exploits: 0, References: 5
Prion
added 2022/10/07 10:15 p.m., 8 views

Path traversal

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a...

4.3 CVSS, 7.7 AI score, 0.005 EPSS
Exploits: 0, References: 2, Affected Software: 1
Japan Vulnerability Notes
added 2022/08/23 12:0 a.m., 15 views

JVN#43979089: PukiWiki vulnerable to cross-site scripting

PukiWiki provided by PukiWiki Developers Team contains a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution: Update the Software. Update the Software to the latest version...

6.1 CVSS, 5.2 AI score, 0.00217 EPSS
Exploits: 0
Cvelist
added 2022/08/19 2:48 p.m., 9 views

CVE-2022-36263

StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file...

7.5 AI score, 0.00062 EPSS
Exploits: 1, References: 1
OSV
added 2022/08/16 9:15 p.m., 19 views

CVE-2022-34258

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

4.8 CVSS, 4.5 AI score
Exploits: 0, References: 1
Cvelist
added 2022/07/28 2:19 p.m., 17 views

CVE-2021-22646 Ovarro TBox Code Injection

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...

8.8 CVSS, 9.8 AI score, 0.00993 EPSS
Exploits: 0, References: 1
Packet Storm
added 2022/06/27 12:0 a.m., 290 views

Coffee Shop Cashiering System 1.0 SQL Injection

Exploit Title: Coffee Shop Cashiering System - Authenticated Time Based Sql injection Date: 27-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cscs.zip Version: 1.0 Tested on: Windows...

0.7 AI score
Exploits: 0
Github Security Blog
added 2022/05/14 3:49 a.m., 15 views

Products.CMFPlone XSS in profile home_page property

A member of the Plone site could set javascript in the homepage property of their profile, and have this executed when a visitor clicks the home page link on the author page...

5.4 CVSS, 5.6 AI score, 0.00287 EPSS
Exploits: 0, References: 13, Affected Software: 2