257 matches found

Prion
added 2023/01/09 9:15 p.m. · 20 views

SQL injection

A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to SQL injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is...

7.5 CVSS · 8 AI score · 0.00657 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2022/11/16 12:0 a.m. · 20 views

CVE-2022-39317 Out of bounds read in zgfx decoder in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...

4.6 CVSS · 5.6 AI score · 0.00627 EPSS
Exploits: 0 · References: 4
Huntr
added 2022/11/01 4:36 p.m. · 12 views

XSS Stored inside website title

📜 Description: Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.7 AI score
Exploits: 0 · References: 1
NVD
added 2022/10/18 9:15 p.m. · 17 views

CVE-2022-21605

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9 CVSS · 0.01024 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2022/09/12 12:15 p.m. · 1 views

CVE-2022-37835

Torguard VPN 4.8 has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges...

7.5 CVSS · 5.8 AI score · 0.00581 EPSS
Exploits: 0 · References: 3
ATTACKERKB
added 2022/09/08 6:15 p.m. · 2 views

CVE-2022-38258

A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request...

8.1 CVSS · 5.7 AI score · 0.01103 EPSS
Exploits: 1 · References: 3
Github Security Blog
added 2022/05/14 1:37 a.m. · 25 views

Gogs Directory Traversal

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925...

7.5 CVSS · 6.8 AI score · 0.03202 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2022/04/20 7:15 p.m. · 6 views

CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before...

9.8 CVSS · 7.3 AI score · 0.88333 EPSS
Exploits: 2 · References: 3
ATTACKERKB
added 2022/04/20 12:0 a.m. · 7 views

CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before...

9.8 CVSS · 8 AI score · 0.88333 EPSS
Exploits: 2 · References: 5 · Affected Software: 5
Positive Technologies
added 2022/04/20 12:0 a.m. · 16 views

PT-2022-2325

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.18 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.6 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.0 Atlassian Jira Service Management Server...

9.8 CVSS · 7.5 AI score · 0.88333 EPSS
Exploits: 2 · References: 24
OSV
added 2022/04/19 9:15 p.m. · 5 views

AZL-9493 CVE-2022-21425 affecting package mysql for versions less than 8.0.29-1

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

5.5 CVSS · 6.4 AI score · 0.01221 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2022/03/21 12:0 a.m. · 6 views

The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY, related to the transmission of data in an open format, allows attackers to perform spoofing attacks.

The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in the transmission of data in an open manner. Exploiting this vulnerability can allow attackers to carry out spoofing attacks...

7.5 CVSS · 7.8 AI score · 0.00603 EPSS
Exploits: 0 · References: 3
CNNVD
added 2022/03/16 12:0 a.m. · 5 views

FUXA Code Issue Vulnerability

FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA 1.1.3 that originates from obtaining sensitive information from the server's internal environment and services, which could typically lead to an attacker executing commands...

7.5 CVSS · 7.4 AI score · 0.01431 EPSS
Exploits: 1 · References: 2
CNNVD
added 2022/02/18 12:0 a.m. · 3 views

WordPress Plugin Information Disclosure Vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Plugin Perfect Brands for WooCommerce is vulnerable to an information disclosure vulnerability that could be exploited by an attacker...

7.5 CVSS · 5.6 AI score · 0.0119 EPSS
Exploits: 0 · References: 4
OSV
added 2022/02/04 9:15 p.m. · 5 views

UBUNTU-CVE-2021-46671

options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client...

5.3 CVSS · 7.3 AI score · 0.01356 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2022/01/18 12:0 a.m. · 4 views

PT-2022-2014 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: DML component. This allows a high-privileged attacker with network access via...

10 CVSS · 6.8 AI score · 0.87816 EPSS
Exploits: 22 · References: 814
Veracode
added 2021/11/22 4:37 a.m. · 21 views

Information Disclosure

hadoop-hdds-container-service is vulnerable to information disclosure. An attacker can modify ratis replication configuration through the server-to-server RPC endpoint by downloading the raw data from the data node and ozone manager...

9.1 CVSS · 2.4 AI score · 0.02296 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2021/11/03 4:15 a.m. · 5 views

CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

7.5 CVSS · 5.8 AI score · 0.01173 EPSS
Exploits: 0 · References: 1
CNNVD
added 2021/10/26 12:0 a.m. · 3 views

Atlassian Jira Cross-Site Scripting Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is primarily used to track and manage various types of issues and defects in the workplace. A cross-site scripting vulnerability exists in Atlassian Jira Server and Data Center that originates from a...

6.1 CVSS · 6.2 AI score · 0.00848 EPSS
Exploits: 0 · References: 2
CNNVD
added 2021/09/14 12:0 a.m. · 4 views

Atlassian Jira Information Disclosure Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability in Atlassian Jira Server and Data Center versions prior to 8.5.10 and versions 8.6.0 through 8.13.1...

5.3 CVSS · 5.8 AI score · 0.01356 EPSS
Exploits: 0 · References: 2