
1697 matches found

Positive Technologies
added 2022/08/24 12:0 a.m. · 3 views

PT-2022-4455 · Cisco · Cisco Nx-Os +1

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software (affected versions not specified). Description: The issue is related to the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software and is due to incomplete input validation of specific OSPFv3 packets. This could allow an...

CVSS 8.6 · AI score 8.3 · EPSS 0.01022
Exploits: 0 · References: 6
Positive Technologies
added 2022/08/22 12:0 a.m. · 7 views

PT-2022-15204 · WordPress · Wpqa Builder

Name of the Vulnerable Software and Affected Versions: WPQA Builder WordPress plugin versions prior to 5.7. Description: The issue allows any logged-in user to read other users' private messages using the message id, which can easily be brute forced, due to a lack of authorization checks before...

CVSS 4.3 · AI score 4.5 · EPSS 0.00609
Exploits: 1 · References: 5
Vulnrichment
added 2022/08/09 8:0 p.m. · 6 views

CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability

...

CVSS 6.5 · AI score 6.5 · EPSS 0.01503
Exploits: 0 · References: 1
ATTACKERKB
added 2022/08/08 3:15 p.m. · 224 views

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious HTTP request by injecting code in one of the parameters allowing for remote code...

CVSS 9.8 · AI score 7.7 · EPSS 0.53752
In wild · Exploits: 5 · References: 4
Circl
added 2022/08/04 12:19 p.m. · 22 views

CVE-2022-2651

creationtimestamp | type | source
---|---|---
2022-08-04 12:19:23+00:00 | seen | https://t.me/cibsecurity/47534
2022-09-20 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51013

...

CVSS 9.8 · AI score 8.6 · EPSS 0.11382
Exploits: 4 · References: 2
OSV
added 2022/08/01 2:12 p.m. · 4 views

CVE-2022-2581 Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104...

CVSS 7.8 · AI score 7.9 · EPSS 0.00481
Exploits: 1 · References: 4
Vulnrichment
added 2022/07/15 3:48 p.m. · 5 views

CVE-2022-34246 Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

CVSS 7.8 · AI score 7.1 · EPSS 0.00463
Exploits: 0 · References: 1
BDU FSTEC
added 2022/06/23 12:0 a.m. · 6 views

The vulnerability of Trendnet TEW-831DR router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.

The vulnerability of Trendnet TEW-831DR router microprogramming software is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 6.4 · AI score 7 · EPSS 0.01769
Exploits: 1 · References: 2
The Hacker News
added 2022/06/18 4:11 a.m. · 119 views

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos,...

CVSS 9.8 · AI score 1.2 · EPSS 0.99999
Exploits: 115
NVD
added 2022/06/14 4:15 p.m. · 14 views

CVE-2022-32328

Fast Food Ordering System v1.0 is vulnerable to deletion of any file via /ffos/classes/Master.php?f=deleteimg...

CVSS 9.1 · EPSS 0.0112
Exploits: 1 · References: 1
NVD
added 2022/05/27 12:15 a.m. · 17 views

CVE-2022-30700

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 · EPSS 0.00288
Exploits: 0 · References: 2
Cvelist
added 2022/05/12 2:49 p.m. · 20 views

CVE-2022-30279

An issue was discovered in Stormshield Network Security SNS 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a...

AI score 7.5 · EPSS 0.00902
Exploits: 0 · References: 1
GithubExploit
added 2022/05/11 9:11 a.m. · 0 views

webray.com.cn

we...

AI score 7.1
Exploits: 0
Vulnrichment
added 2022/05/05 10:5 p.m. · 7 views

CVE-2022-29176 Unauthorized gem takeover for some gems on rubygems.org

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...

CVSS 9.9 · AI score 9.4 · EPSS 0.01729
Exploits: 0 · References: 3
BDU FSTEC
added 2022/04/27 12:0 a.m. · 5 views

The vulnerability of embedded software developed by Qualcomm, related to the use of the assert() function or similar operators, allows attackers to trigger a service failure.

The vulnerability of embedded software developed for Qualcomm chips lies in the use of the assert function or similar operators. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 · AI score 7.2 · EPSS 0.00568
Exploits: 0 · References: 3
Zero Science Lab
added 2022/04/14 12:0 a.m. · 309 views

Delta Controls enteliTOUCH 3.40.3935 Cross-Site Request Forgery (CSRF)

Summary enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for...

CVSS 8.8 · AI score 7.3 · EPSS 0.00943
Exploits: 2
GithubExploit
added 2022/04/07 3:50 a.m. · 34 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4shellbehinder What is it? A batch exploitation too...

CVSS 9.8 · AI score 7 · EPSS 0.99677
Exploits: 100
Packet Storm
added 2022/04/07 12:0 a.m. · 288 views

minewebcms 1.15.2 Cross Site Scripting

Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...

CVSS 6.8 · AI score 5.4 · EPSS 0.03506
Exploits: 4
CNVD
added 2022/04/07 12:0 a.m. · 20 views

Softwarebuero Zauner ARC Information Disclosure Vulnerability

Softwarebuero Zauner ARC is an application. Softwarebuero Zauner ARC version 4.2.0.4 is vulnerable to an information disclosure vulnerability that originates from the plaintext transmission of sensitive information. An attacker could exploit this vulnerability to obtain sensitive information...

CVSS 5.9 · AI score 3.3 · EPSS 0.00759
Exploits: 1 · References: 1
BDU FSTEC
added 2022/04/05 12:0 a.m. · 3 views

Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server: Optimizer component of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...

CVSS 6.8 · AI score 6.4 · EPSS 0.02588
Exploits: 0 · References: 7 · Affected Software: 2