CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
Source: CVE-2022-26263
[월:] 2022년 03월
CVE-2022-25582
CVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.
Source: CVE-2022-25582
CVE-2021-43091
CVE-2021-43091
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
Source: CVE-2021-43091
CVE-2022-25577
CVE-2022-25577
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.
Source: CVE-2022-25577
CVE-2022-24777
CVE-2022-24777
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds.
Source: CVE-2022-24777
CVE-2022-25574
CVE-2022-25574
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
Source: CVE-2022-25574
CVE-2021-43090
CVE-2021-43090
An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function.
Source: CVE-2021-43090
CVE-2020-21554
CVE-2020-21554
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllersadmin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.
Source: CVE-2020-21554
CVE-2021-46426
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Source: CVE-2021-46426
CVE-2022-27227
CVE-2022-27227
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Source: CVE-2022-27227