4428 matches found
The vulnerability of the Moodle course management system lies in the insufficient verification of the HTTP source in the URL address of the course redirect. This allows attackers to execute attacks by manipulating cross-site requests.
The vulnerability of the Moodle course management system is related to insufficient verification of the HTTP source in the URL address of the course redirect. Exploiting this vulnerability allows a malicious actor to carry out attacks by manipulating cross-site requests...
The vulnerability of the Navigation function in Google Chrome and Microsoft Edge browsers allows attackers to carry out spoofing attacks.
The vulnerability of the Navigation function in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...
CVE-2022-47895
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files...
PT-2022-25382 · Softr · Softr
Name of the Vulnerable Software and Affected Versions: Softr version 2.0 Description: The issue is related to HTML injection via the Name field of the Account page. This allows for potential malicious code execution. Recommendations: For Softr version 2.0, consider restricting access to the Accou...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
PT-2022-9009 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.0.8 Description: The issue allows remote attackers to run arbitrary code via the lang attribute of an HTML tag. This is a Cross-Site Scripting (XSS) issue, which enables attackers to execute scripts in the context of another...
undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629)
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...
CVE-2022-46355
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The affected products are...
PT-2022-27059 · Unknown · Csaf Provider
Name of the Vulnerable Software and Affected Versions: csaf provider versions prior to 0.8.2 Description: The issue allows for Cross-site Scripting (XSS) via a crafted CSAF document uploaded as text/html. The "upload" endpoint allows valid CSAF advisories in JSON format to be uploaded with...
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.
...
CVE-2022-2640
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)...
Book Store Management System Cross-Site Scripting Vulnerability
Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0.0, which stems from the Name parameter of its Add New System User module, which allows an attacker to execute arbitrary web...
Horner Automation Remote Compact Controller Encryption Issue Vulnerability
The Horner Automation Remote Compact Controller (Horner Automation RCC) is a compact controller from Horner Automation, USA. A vulnerability exists in Horner Automation Remote Compact Controller 972 firmware version 15.40 due to an encryption issue in the configuration file using weak XOR encryptio...
CVE-2022-4174
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
UBUNTU-CVE-2022-4185
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2022-4188
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2022-4174
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A type confusion vulnerability exists in V8 in versions of Google Chrome prior to 108.0.5359.71, which remote attackers can use to exploit heap corruption via a crafted HTML page...
The vulnerability of the Special:UserRights component of the MediaWiki software, which enables the implementation of a hypertext environment, allows a perpetrator to disclose protected information.
The vulnerability of the Special:UserRights component of the MediaWiki software, which is used to implement the hypertext environment, is related to errors in permission handling. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
PHP Security Vulnerability
PHP is a scripting language that executes on the server side. A privilege design vulnerability exists in the Chocolatey PHP package v8.1.12 and below, which originates from all users in the Authenticated users group having write access to the subfolder C:\tools\php81 and all files in that folder,...