1447 matches found
CVE-2022-27873
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...
Information disclosure
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...
mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field...
CVE-2022-34588
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetableinsertform.php...
Sql injection
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetableinsertform.php...
Advanced School Management System SQL Injection Vulnerability
Advanced School Management System is a school management system by Angel Jude Reyes Suarez, an individual developer. A security vulnerability exists in version 1.0 of Advanced School Management System, which originates from an SQL injection issue in the grade parameter of the...
WordPress Download Manager 3.2.43 Cross Site Scripting
Exploit Title: Download Manager Cross-Site Scripting Date: 2022-06-16 Exploit Author : Andrea Bocchetti Vendor Homepage : https://wordpress.org/plugins/download-manager/ Version : = 3.2.43 Tested on: windows CVE : CVE-2022-2101 Description 1- Login in the plugin page 2- add the xss payload in the...
EulerOS 2.0 SP9 : cyrus-sasl (EulerOS-SA-2022-1835)
According to the versions of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
EulerOS 2.0 SP3 : cyrus-sasl (EulerOS-SA-2022-1712)
According to the versions of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
GHSA-43W2-9J62-HQ99 Buffer overflow in SmallVec::insert_many
A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the...
phpMyAdmin CSRF Vulnerability
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...
GHSA-J696-6M57-MCRV Silverstripe CMS XSS Vulnerability
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
Silverstripe CMS XSS Vulnerability
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
WordPress Documentor plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Documentor plugin 1.5.3 and earlier versions are vulnerable to SQL injection, which stems...
DEBIAN-CVE-2021-42780
A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...
UBUNTU-CVE-2021-42780
A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...
CVE-2021-42868
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the firstname parameter in (1) patient/insert, (2) patientreport, (3) appointmentreport, (4) visitreport, and (5) billdetailreport pages...
CVE-2021-42869
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the lastname parameter in the (1) patient/insert, (2) patientreport, (3) /appointmentreport, (4) visitreport, and (5) /billdetailreport pages...