1850 matches found
Cross-site scripting - Stored via upload ".xml" file
Description: In the file upload function, the server allows uploading an .xml file that contains JavaScript code, which leads to XSS. Proof of Concept REQUEST POST /?PageTitre/ajaxupload&qqfile=index.xml HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101...
CVE-2022-21515
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2022-30623
CVE-2022-30623 affects Chcnav P5E GNSS. The vulnerability arises from non-standard cookie handling: an attacker can set a cookie value name (status) to true to bypass system authentication (username/password). This results in authentication bypass with impacts described as high confidentiality, i...
Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution
Added: 07/18/2022. Background: Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications. Problem: A remote, unauthenticated attacker can execute arbitrary commands on the server by sending a specially crafted serialized object to t...
CVE-2021-40149
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI...
IBM Spectrum Protect Server Security Feature Issue Vulnerability
IBM Spectrum Protect Server is a data protection system from IBM USA, Inc. providing comprehensive data resiliency for physical file servers, virtual environments, and a wide range of applications. IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14 have a security feature issue...
CVE-2022-33329
Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The /ajax/setsystime/...
CVE-2022-33327
Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The...
CVE-2022-31112 Protected fields exposed via LiveQuery in parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
MAL-2022-4907 Malicious code in nodejs_net_server (npm)
Source: ghsa-malware c38544243e809d4f6d82a87abad44436a676a9ffc748c974ec1657ce0c99360a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-31041 Insufficient content-type validation for uploaded files in open-forms
Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users e.g. only PDF / Excel / .... The input validation of uploaded fil...
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Impact: Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 (8ac16345a3bc099b62c1f5cfbf3b736e621c3f76), arbitrary item IDs are able to be written into an item's NBT. The intended purpose of this is to make said unmapped network items able to be moved around the inventory withou...
Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server...
Incorrect Authorization in Undertow
Undertow before versions 1.4.18.SP1 (not findable in Maven), 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of URI in the Authorization header matches the URI in the HTTP request line. This allows the attacker to cause a MI...
GHSA-CP7V-VMV7-6X2Q Incorrect Authorization in Undertow
Undertow before versions 1.4.18.SP1 (not findable in Maven), 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of URI in the Authorization header matches the URI in the HTTP request line. This allows the attacker to cause a MI...
Design/Logic Flaw
Local privilege escalation in Windows products of ESET allows a user who is logged into the system to exploit the repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o...
AMD EPYC Security Vulnerability
AMD EPYC is an x86 server microprocessor product line from AMD, known as "Xiao Long" in Chinese, which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC UApp/ABL. The vulnerability can be exploited by an attacker to corrupt arbitrary memory by bootloading a program,...
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2022-29180
CVE-2022-29180 affects charmbracelet/charm via Server-Side Request Forgery (SSRF). Attackers could forge HTTP requests to manipulate the charm data directory and access or delete server contents. The issue is patched in release v0.12.1; users running self-hosted Charm should upgrade. Affected com...
Slackware: Security Advisory (SSA:2021-259-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...