
335 matches found

Positive Technologies
added 2022/09/09 12:0 a.m. · 3 views

PT-2022-19202 · Unknown · Aenrich A+Hrd 5.X Learning Management Key Performance Indicator System

Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x. Description: The issue is related to a local file inclusion (LFI) vulnerability due to missing input validation. Recommendations: For version 5.x, update to a...

CVSS 8.1 · AI score 7.7 · EPSS 0.00579
Exploits: 0 · References: 4

ATTACKERKB
added 2022/08/29 5:0 a.m. · 1 view

CVE-2022-25921

All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...

CVSS 9.8 · AI score 7.3 · EPSS 0.00942
Exploits: 1 · References: 3

Positive Technologies
added 2022/08/19 12:0 a.m. · 3 views

PT-2022-4343 · Aveva · Aveva Edge

Name of the Vulnerable Software and Affected Versions: AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious...

CVSS 7.8 · AI score 7.8 · EPSS 0.0401
Exploits: 0 · References: 5

ATTACKERKB
added 2022/08/05 4:15 p.m. · 1 view

CVE-2022-33717

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory...

CVSS 4.4 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 2

OSV
added 2022/07/12 9:15 p.m. · 2 views

CVE-2022-32248

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data...

CVSS 5.3 · AI score 5.7
Exploits: 0 · References: 2

CNNVD
added 2022/06/24 12:0 a.m. · 2 views

Prison Management System SQL injection vulnerability

Prison Management System is a prison management system by Carlo Montero, an individual developer. Version 1.0 of Prison Management System is vulnerable to SQL injection, which originates in /pms/admin/prisons/viewprison.php. The vulnerability is caused by the lack of SQL data filter escape ...

CVSS 8.8 · AI score 6.1 · EPSS 0.00257
Exploits: 1 · References: 3

CNNVD
added 2022/06/02 12:0 a.m. · 1 view

Online Car Wash Booking System SQL injection vulnerability

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Online Car Wash Booking System v1.0 is vulnerable to SQL injection, which originates from /ocwbs/admin/bookings/ updatestatus.php?id=. The page lacks validation for external input SQL...

CVSS 9.8 · AI score 6 · EPSS 0.00264
Exploits: 1 · References: 2

CNNVD
added 2022/06/02 12:0 a.m. · 1 view

Complete Online Job Search System SQL injection vulnerability

Complete Online Job Search System is an online job search system. SQL injection vulnerability exists in Complete Online Job Search System, which originates from /eris/index.php?q=category&search=page missing validation of external input SQL statements. An attacker could use this vulnerability to...

CVSS 7.2 · AI score 6.1 · EPSS 0.11785
Exploits: 1 · References: 2

CNNVD
added 2022/05/26 12:0 a.m. · 3 views

CSCMS Music Portal System SQL injection vulnerability

CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/news/save validation of external input...

CVSS 7.2 · AI score 6.1 · EPSS 0.00255
Exploits: 1 · References: 2

OSV
added 2022/05/24 10:6 p.m. · 1 view

GHSA-H2WQ-PRV9-2F56 Missing validation crashes `QuantizeAndDequantizeV4Grad`

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

CVSS 5.5 · AI score 5.8 · EPSS 0.00143
Exploits: 1 · References: 9

RedhatCVE
added 2022/05/20 10:37 p.m. · 17 views

CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...

CVSS 9.4 · AI score 1.7 · EPSS 0.01516
Exploits: 0 · References: 1

NVD
added 2022/05/19 6:15 p.m. · 13 views

CVE-2022-1413

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface...

CVSS 7.5 · EPSS 0.00209
Exploits: 0 · References: 2

CNNVD
added 2022/05/03 12:0 a.m. · 2 views

GitLab information disclosure vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. An information disclosure vulnerability exists in Gitlab Community Edition versions...

CVSS 7.5 · AI score 7.3 · EPSS 0.00209
Exploits: 0 · References: 5

CNNVD
added 2022/05/03 12:0 a.m. · 1 view

Jfinal CMS SQL injection vulnerability

Jfinal CMS is a java development information consulting website. jfinal CMS version 5.1.0 is vulnerable to SQL injection, which originates from com.jflyfox.system.log.LogController.java missing validation of external input SQL statements. An attacker could use this vulnerability to execute illega...

CVSS 7.2 · AI score 7.4 · EPSS 0.00255
Exploits: 1 · References: 2

CNNVD
added 2022/04/26 12:0 a.m. · 3 views

CuppaCMS SQL injection vulnerability

CuppaCMS is a content management system CMS. SQL injection vulnerability exists in CuppaCMS v1.0, which originates from the missing validation of external input in the menufilter parameter in /administrator/templates/default/html/windows/right.php. SQL statement validation. An attacker could use...

CVSS 9.8 · AI score 6.1 · EPSS 0.29196
Exploits: 1 · References: 4

CNNVD
added 2022/04/21 12:0 a.m. · 3 views

Sourcecodester Baby Care System SQL injection vulnerability

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin.php?id=siteoptions&social=display&value=0&sid=midsid parameter missing validation of external...

CVSS 9.8 · AI score 6.1 · EPSS 0.00264
Exploits: 1 · References: 2

Positive Technologies
added 2022/03/26 12:0 a.m. · 3 views

PT-2022-17717 · Notable · Notable

Name of the Vulnerable Software and Affected Versions: Notable version 1.8.4 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the Title text field, due to a lack of filtering for text editing. Recommendations: For Notable version 1.8.4, conside...

CVSS 9.8 · AI score 9.6 · EPSS 0.00853
Exploits: 1 · References: 4

OSV
added 2022/03/10 5:44 p.m. · 2 views

CVE-2021-42787

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...

CVSS 9.8 · AI score 5.8 · EPSS 0.00302
Exploits: 0 · References: 1

CNNVD
added 2022/03/10 12:0 a.m. · 2 views

Luocms cross-site scripting vulnerability

Luocms is an article management system. A cross-site scripting vulnerability exists in Luocms v2.0, which stems from a lack of data validation filtering of user-supplied data and output in /admin/news/sortadd.php and /inc/function.php. An attacker could use this vulnerability to execute JavaScrip...

CVSS 6.1 · AI score 5.6 · EPSS 0.0024
Exploits: 1 · References: 2

BDU FSTEC
added 2022/03/09 12:0 a.m. · 2 views

The vulnerability of NETGEAR’s integrated router software, including models R6400, R6400v2, R6700v3, R7000, R6900P, R7000P, and R8000, stems from the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.

The vulnerability of the embedded software of NETGEAR routers such as R6400, R6400v2, R6700v3, R7000, R6900P, R7000P, and R8000 lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

CVSS 8.4 · AI score 7.1 · EPSS 0.00136
Exploits: 0 · References: 3 · Affected Software: 7