CVE-2022-23993
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.
Source: CVE-2022-23993
CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Source: CVE-2022-23990
CVE-2021-46114
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Source: CVE-2021-46114
CVE-2021-46385
MCMS (https://gitee.com/mingSoft/MCMS) <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database.
Source: CVE-2021-46385
CVE-2022-22850
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital’s Patient Records Management System 1.0 via the description parameter in room_types.
Source: CVE-2022-22850
CVE-2021-46561
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.
Source: CVE-2021-46561
CVE-2021-29838
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Source: CVE-2021-29838
CVE-2021-29846
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.
Source: CVE-2021-29846
CVE-2021-29845
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.
Source: CVE-2021-29845