CVE-2022-26268
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.
Source: CVE-2022-26268
CVE-2021-44211
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
Source: CVE-2021-44211
CVE-2021-44208
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
Source: CVE-2021-44208
CVE-2021-26598
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Source: CVE-2021-26598
CVE-2021-26599
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
Source: CVE-2021-26599
CVE-2021-26600
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Source: CVE-2021-26600
CVE-2021-26601
ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.
Source: CVE-2021-26601
CVE-2022-26258
D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp.
Source: CVE-2022-26258
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
Source: CVE-2022-26255
CVE-2021-44127
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.
Source: CVE-2021-44127