CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on February 2 added two security flaws to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 CVSS score: 9.8, a critical issue impacting...

CVE-2022-4235

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

WordPress plugin Wholesale Market for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

UBUNTU-CVE-2022-39837

An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...

CVE-2022-28741

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion LFI vulnerability that occurs due to missing input validation in v5.x...

CVE-2022-28741

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion LFI vulnerability that occurs due to missing input validation in v5.x...

Input validation

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion LFI vulnerability that occurs due to missing input validation in v5.x...

CVE-2022-28741

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion LFI vulnerability that occurs due to missing input validation in v5.x...

PT-2022-19202 · Unknown · Aenrich A+Hrd 5.X Learning Management Key Performance Indicator System

Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x Description: The issue is related to a local file inclusion LFI vulnerability due to missing input validation. Recommendations: For version 5.x, update to a...

PT-2022-4343 · Aveva · Aveva Edge

Name of the Vulnerable Software and Affected Versions: AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious...

CVE-2022-33717

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory...

CVE-2022-32248

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data...

Online Car Wash Booking System SQL注入漏洞

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. online Car Wash Booking System v1.0 is vulnerable to SQL injection, which originates from /ocwbs/admin/bookings/ updatestatus.php?id=The page lacks validation for external input SQL...

Complete Online Job Search System SQL注入漏洞

Complete Online Job Search System is an online job search system. SQL injection vulnerability exists in Complete Online Job Search System, which originates from /eris/index.php?q=category&search=page missing validation of external input SQL statements. An attacker could use this vulnerability to...

CSCMS Music Portal System SQL注入漏洞

CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/news/save validation of external input...

GHSA-H2WQ-PRV9-2F56 Missing validation crashes `QuantizeAndDequantizeV4Grad`

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...