267 matches found
FreeBSD-SA-23:08.ssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:08.ssh Security Advisory The FreeBSD Project Topic: Potential remote code execution via ssh-agent forwarding Category: contrib Module: OpenSSH Announced:...
FreeBSD-SA-23:02.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:02.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication double free Category: contrib Module: openssh Announced: 2023-02-16...
Security Bulletin: IBM CICS TX Standard is vulnerable to HTTP Header injection (CVE-2022-34306)
Summary IBM CICS TX Standard could allow a remote attacker to invoke cross-site scripting, cache poisoning or session hijacking attacks on a vulnerable system. The fix removes this vulnerability CVE-2022-34306 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-34306 DESCRIPTION: IBM...
Cross-site Scripting (XSS)
github.com/alist-org/alist is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization in useradmin page which allows a remote attacker to inject and execute malicious javascript on the system...
Design/Logic Flaw
Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high...
Xenstore: Guests can crash xenstored
ISSUE DESCRIPTION Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the...
CVE-2022-42201
Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload...
CVE-2022-42070
Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery CSRF...
CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form...
IBM QRadar Network Security Trust Management Issue Vulnerability
IBM QRadar Network Security is a network security manager from IBM, USA. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats.IBM QRadar Network...
Cross site scripting
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting XSS via publichtml/registervisitor?msg=...
CVE-2022-32004
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manageproduct.php?id=...
CVE-2022-30832
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/clientassign.php?booking=31&userid=...
Sql injection
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/dailycollectionreport.php:59...
CVE-2022-30461
Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=deleteclient, id...
Sql injection
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/viewapplication&id=...
Sql injection
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=deletetransaction...
Cross site scripting
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation expl...
Microsoft Patch Tuesday addresses a zero-day vulnerability in Windows Kernel
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Microsoft addressed 51 vulnerabilities in the February 2022 patch Tuesday release, one of which was classified as a zero-day vulnerability. A remote attacker could exploit some of these vulnerabilities to gain control of a...