CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user’s login password.
Source: CVE-2022-23863
CVE-2022-23098
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
Source: CVE-2022-23098
CVE-2020-25905
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
Source: CVE-2020-25905
CVE-2022-23096
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
Source: CVE-2022-23096
CVE-2022-23097
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
Source: CVE-2022-23097
CVE-2021-45435
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
Source: CVE-2021-45435
CVE-2021-44249
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can allow attackers to remotely dump MySQL database credentials.
Source: CVE-2021-44249
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user’s login certificate.
Source: CVE-2021-42791
CVE-2020-28884
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server.
Source: CVE-2020-28884
CVE-2020-28885
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server.
Source: CVE-2020-28885