1187 matches found
PT-2022-25009 · Nokia · Nokia 1350 Oms
Name of the Vulnerable Software and Affected Versions: NOKIA 1350 OMS version R14.2. Description: An Open Redirect issue occurs on the login page via the next HTTP GET parameter. Recommendations: For NOKIA 1350 OMS version R14.2, consider restricting access to the login page or validating the next...
Buffer error vulnerability in multiple Huawei products
Huawei 576up005 HOTA-CM-H-Shark-BD and others are headsets from the Chinese company Huawei. A security vulnerability exists in several Huawei products. The vulnerability stems from insufficient validation of some parameter inputs, which can be exploited by an attacker to send a...
Remote Code Execution
flysystem is vulnerable to remote code execution. Lack of proper parameter validation in JMSMessageConsumer allows an attacker to upload and execute malicious code on the system under attack, when a configuration uses a JMS Source with a JNDI LDAP data source URI...
Download Manager < 3.2.50 - Contributor+ PHAR Deserialization
The plugin does not validate a parameter, which could allow users with a role as low as contributor to perform PHAR deserialisation when a suitable gadget chain is also present...
CVE-2022-2367
The WSM Downloader WordPress plugin through 1.4.0 only allows downloading images/files from specific popular websites; this can be bypassed due to the lack of good "link" parameter validation...
Design/Logic Flaw
The WSM Downloader WordPress plugin through 1.4.0 only allows downloading images/files from specific popular websites; this can be bypassed due to the lack of good "link" parameter validation...
CVE-2022-35222
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system commands or disrupt service...
Stack overflow
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system commands or disrupt service...
CVE-2022-2317
The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient checking of a user-supplied parameter...
CVE-2022-2260
The GiveWP WordPress plugin before 2.21.3 does not have CSRF protection in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged-in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the...
CVE-2022-32959
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...
MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access
The plugin does not validate a parameter which could allow unauthenticated users to read arbitrary files on the web server...
U.S. Dept Of Defense: Local File Inclusion in download.php
The local file inclusion vulnerability was discovered in the download.php file. Arbitrary files could be downloaded by an attacker using directory traversal via the filePathDownload parameter, provided the attacker knew a valid file path of an externally-facing document...
Don't trust in references contracts
Lines of code. Vulnerability details. Impact: The references contracts don't check anything, and the function receives a lot of parameters to manipulate the call. Proof of Concept: If somebody approves ERC20/777/721/1155 to the TransferReference contract or uses a delegatecall, the tokens can be stolen...
CVE-2022-26648
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
CVE-2022-31784
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker that has network access to the management interface to conduct a buffer overflow attack due to insufficient validation of URL...