561 matches found
Prototype Pollution
baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as proto, constructor, and other prototype base objects...
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...
CVE-2022-3073
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser...
Siemens SCALANCE X-200RNA Switch Devices has an unspecified vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed.A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...
PT-2022-37332 · Unknown · Hyperledger Fabric
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric version 2.3 Description: The issue allows attackers to cause a denial of service by repeatedly sending a crafted channel transaction with the same Channel name, leading to an orderer crash. However, the official Fabric with...
PVS - Unable to add new machines to existing Catalog
Unable to add new target devices to existing catalog using Virtual Desktop setup wizard/Streamed Wizard...
CVE-2022-41708
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly...
Rocket.Chat Input Validation Error Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...
CVE-2022-36638
An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders...
IDOR allows to create new collection or modify a existing one
Description A normal user can create a new collection with the provided book ids or add new books to an existing collection, whose operations should be only executed by the administrator. \ \ This is possible due to an missing administrative role check in the /api/collection/update-for-series API...
CVE-2022-2224 Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This make it possible for unauthenticated attackers to duplicate...
CVE-2022-30791
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected...
The splits configuration will become frozen once enough splits are added
Lines of code Vulnerability details Impact If there are enough entries in the splits array, the checks done to ensure existing locks are respected will cause attempts to change the split to revert, preventing the existing split assignment from changing. If the project has a lock with a long...
CVE-2022-33996
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user...
Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders
Lines of code Vulnerability details function matchOneToOneOrders OrderTypes.MakerOrder calldata makerOrders1, OrderTypes.MakerOrder calldata makerOrders2 external uint256 startGas = gasleft; uint256 numMakerOrders = makerOrders1.length; requiremsg.sender == MATCHEXECUTOR, 'OME';...
CVE-2022-30328
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...
CVE-2022-30328
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...
TRENDnet TEW-831DR 跨站请求伪造漏洞
The TRENDnet TEW-831DR is a router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-831DR version 1.0 601.130.1.1356, which originates from the web interface's username and password settings that do not require the entry of an existing password. A malicious user can change...
CVE-2022-31803
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connectio...
OrderValidator: The _cancel function does not validate the order status, the order will be cancelled even if the order does not exist.
Lines of code Vulnerability details Impact In the cancel function of the OrderValidator contract, orderStatusorderHash.isValidated is not checked. If the user's input is incorrect, the non-existing order will be cancelled without any message, causing the user to think that the correct order has...