Archery SQL injection vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.8.3 through v1.8.5, which stems from the starttime and stoptime parameters in the my2sql interface containing SQL injection vulnerabilities...
Archery SQL injection vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...
PT-2022-24443 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.5 through 1.8.5 Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities exist via the start file, end file, start time, and stop time parameters in the binlog2sql interface...
WordPress plugin BackupBuddy path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2022-24363 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 router versions 15.03.05.05 through 15.03.05.19 Description: A stack overflow issue was discovered in the Tenda AC18 router, specifically via the list parameter at the "/goform/SetIpMacBind" API endpoint. Recommendations: For...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +129 more potentially affected by CVE-2022-38170 via apache-airflow (>=1.8.2 <=2.3.2)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-38170 Source advisory: OSV:GHSA-Q8H9-PQCX-59HW...
PT-2022-9936 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts due to cross-site request forgery. Recommendations: Fo...
PT-2022-4410 · Vmware +10 · Vmware Tools +10
Name of the Vulnerable Software and Affected Versions: VMware Tools versions 10.x.y through 12.0.0 Description: The issue is related to insufficient access control in VMware Tools, allowing a malicious actor with local non-administrative access to the Guest OS to escalate privileges as a root use...
PukiWiki cross-site scripting vulnerability
PukiWiki is a suite of Wiki software from Lindsay's personal developer. A security vulnerability exists in PukiWiki versions 1.5.1 through 1.5.3 that could allow a remote attacker to inject arbitrary scripts via unspecified vectors...
CVE-2022-35655
Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting...
aristote-malo (=1.9.5), biobridge (>=0.1.0 <=0.2.5) +26 more potentially affected by CVE-2022-25304 via opcua (>=0.98.13 <=0.98.3)
opcua PYPI version =0.98.13, =0.1.0, =5.1.0, =1.4.1b1, =0.7.0b1, =0.3.3, =1.0.1, =0.1.0, =0.1.2.post1 and more Source cves: CVE-2022-25304 Source advisory: SNYK:PYTHON-OPCUA-2988730...
CVE-2022-33311
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors...
CVE-2022-29891
Browse restriction bypass vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...
CVE-2022-30604
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...
PT-2022-21359 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: The issue allows a remote authenticated attacker to bypass operation restrictions and alter data in Project via unspecified vectors. Recommendations: For versions 10.0.0 through 10.8.5...
PT-2022-21386 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: The issue allows a remote authenticated attacker to bypass operation restrictions in the Scheduler component of Cybozu Office, enabling them to alter Scheduler data via unspecified...
Zoom Client security vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client for MacOS Standard and IT Management Editions versions prior to 5.7.3 through 5.11.5, which originates from a vulnerability that can be exploited b...
Varnish Cache security vulnerability
Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache version 7.0.0, 7.0.1, 7.0.2, and 7.1.0, which originates. An attacker can exploit the vulnerability by spoofing HTTP/1 back-end response assertions and automatically restarting the server...
DEBIAN-CVE-2021-37150
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
CVE-2022-25763 Improper input validation on HTTP/2 headers
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...