IBM Sterling Partner Engagement Manager SQL injection vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). IBM Sterling Partner Engagement Manager suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can...
K000130346: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
Security Advisory Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the...
PT-2022-26191 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.10 Nextcloud Server versions prior to 24.0.5 Description: The issue arises from the lack of validation of calendar name lengths before they are written to a database. This allows an attacker to send...
Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87037)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that originates in the /asms/classes/Master.php?f=deleteservice component that lacks validation of...
DEBIAN-CVE-2022-39837
An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...
DEBIAN-CVE-2022-39836
An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte...
UBUNTU-CVE-2022-39836
An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte...
PT-2022-24860 · Flux · Flux
Name of the Vulnerable Software and Affected Versions: Flux versions prior to 0.35.0 Description: The issue concerns a Denial of Service in Flux, an open and extensible continuous delivery solution for Kubernetes. Users with permissions to change Flux's objects can provide invalid data to fields...
Online Pet Shop We App Master.php?f=delete_order SQL Injection Vulnerability
Online Pet Shop We App is an online pet store web application by individual developer Carlo Montero. A SQL injection vulnerability exists in Online Pet Shop We App version 1.0, which originates from a lack of validation of externally entered SQL statements in the...
_releaseIntervalSecs is not validated
Lines of code / Vulnerability details / Impact: VTVLVesting.sol has a createClaimUnchecked function that creates claims internally while validating parameters against the users' allocations. However, releaseIntervalSecs is not validated against the user's linearVestAmount and startTimestamp/endTimestamp...
DEBIAN-CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...
AZL-10865 CVE-2022-32743 affecting package samba 4.12.5-7
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...
Simple E-Learning System security vulnerability
Simple E-Learning System is a simple e-learning system by individual developer Carlo Montero. Simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the download parameter of downloadFiles.php. A...
CVE-2022-28671
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2022-22371 · Siemens · Simatic Cp 1542Sp-1 Irc +13
Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1242-7 V2 versions prior to V3.3.46 SIMATIC CP 1243-1 versions prior to V3.3.46 SIMATIC CP 1243-7 LTE EU versions prior to V3.3.46 SIMATIC CP 1243-7 LTE US versions prior to V3.3.46 SIMATIC CP 1243-8 IRC versions prior to V3.3.46...
PT-2022-9675 · Bestwebsoft · Rating By Bestwebsoft Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Rating by BestWebSoft WordPress plugin versions prior to 1.6 Description: The issue allows submission of a long integer as a rating, causing a Denial of Service on the post/page when such a rating is submitted. This occurs due to the lack...
Fast Food Ordering System path traversal vulnerability
Fast Food Ordering System is a fast food ordering system by individual developer Carlo Montero. Version 1.0 of Fast Food Ordering System is vulnerable to an arbitrary file deletion vulnerability, which originates in the /ffos/classes/Master.php?f=deleteimg page lacking validation and can be...
CVE-2022-1202
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...
Badminton Center Management System SQL injection vulnerability (CNVD-2022-44728)
Badminton Center Management System is a badminton center management system by individual developer Carlo Montero. It provides an online and automated platform for badminton centers to manage their daily transactions and records. Version v1.0 of Badminton Center Management System is vulnerable t...
ChatBot Application with a Suggestion Feature SQL injection vulnerability
ChatBot Application with a Suggestion Feature is a chatbot application with a suggestion feature. ChatBot Application with a Suggestion Feature v1.0 is vulnerable to a SQL injection vulnerability in /simple chatbot/classes/Master.php?f=deleteresponse, where the id parameter lacks validation of external input and SQL...