CVE-2021-28278
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
Source: CVE-2021-28278
CVE-2021-28277
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c.
Source: CVE-2021-28277
CVE-2021-28276
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
Source: CVE-2021-28276
CVE-2022-23881
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.
Source: CVE-2022-23881
CVE-2022-25608
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into performing unwanted slider duplicate or delete actions.
Source: CVE-2022-25608
CVE-2022-25609
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with a contributor or higher user role to inject malicious code.
Source: CVE-2022-25609
CVE-2022-25223
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in ‘mtms/admin/?page=transaction/view_details’ via the ‘id’ parameter.
Source: CVE-2022-25223
CVE-2022-25222
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in ‘admin/maintenance/manage_branch.php’ and ‘admin/maintenance/manage_fee.php’ via the ‘id’ parameter.
Source: CVE-2022-25222
CVE-2022-25221
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code.
Source: CVE-2022-25221
CVE-2022-1030
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.
Source: CVE-2022-1030