19 matches found
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: cluster-api, gitsign, gitlab-kas, helm-set-status, gitaly, harbor, kyverno, minio-object-browser, hubble, openbao, docker-credential-gcr, hubble-ui, lazydocker, grafana-pyroscope, filebrowser, sftpgo, tetragon, yunikorn-k8shim, scorecard, seaweedfs,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: harbor-cli, kyverno, hubble, rancher-loglevel, docker-credential-gcr, lazydocker, whereabouts, grafana-pyroscope, filebrowser, scorecard, certificate-transparency, cilium, kubewatch, consul-k8s, kuberlr, mariadb-operator, kubernetes-csi-external-resizer,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: aws-flb-firehose-fips, osv-scanner, kube-mgmt-fips, vendir, ipfs-cluster, nsc-fips, atlas, paranoia, prometheus-podman-exporter-fips, oras, traefik-fips, kubernetes-dashboard, spegel, trivy-operator, vault, k8ssandra-client, syncthing, trivy-fips, net-kourier,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: aws-flb-firehose-fips, osv-scanner, kube-mgmt-fips, vendir, ipfs-cluster, nsc-fips, atlas, paranoia, prometheus-podman-exporter-fips, oras, traefik-fips, kubernetes-dashboard, spegel, trivy-operator, vault, k8ssandra-client, syncthing, trivy-fips, net-kourier,...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
Design/Logic Flaw
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
PT-2022-27466 · Kwoksys · Kwok Information Server
Name of the Vulnerable Software and Affected Versions: Kwoksys Kwok Information Server versions prior to 2.9.5.SP31 Description: An XML external entity XXE injection issue allows remote authenticated users to conduct server-side request forgery SSRF attacks. This enables attackers to manipulate t...
CVE-2022-45326
CVE-2022-45326 affects Kwoksys Kwok Information Server — vulnerable component: XML processing (XXE) leading to server-side request forgery (SSRF). Affected: versions before 2.9.5.SP31; root cause is an XML external entity vulnerability. Impact as described: remote authenticated users can trigger ...
CVE-2013-5028
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
Sql injection
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
CVE-2013-5028
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
CVE-2013-5028
Kwoksys Kwok Information Server vulnerable to SQL injection in IT/hardware-list.dll (versions before 2.8.5). Affected component is the search command handling (hardwareType, hardwareStatus, hardwareLocation) with remote-authenticated access leading to arbitrary SQL execution. Root cause is improp...
Kwok Information Server 2.7.3 / 2.8.4 SQL Injection Vulnerability
Kwok Information Server versions 2.7.3 and 2.8.4 suffer from a remote blind SQL injection vulnerability. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Kwok Information Server Blind Sql Injection || || Affected Version : 2.7.3 & 2.8.4 || || Vendor :...
Kwok Information Server 2.7.3 / 2.8.4 SQL Injection
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Kwok Information Server Blind Sql Injection || || Affected Version : 2.7.3 & 2.8.4 || || Vendor : http://www.kwoksys.com/index.php || || Risk : Medium || || CVE-ID : 2013-5028 || || Tested on Platform : Windows...
Kwok Information Server - Multiple SQL Injections
Kwok Information Server - Multiple SQL Injections source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may...
Kwok Information Server - Multiple SQL Injections
source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application,...