CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
Source: CVE-2022-0386
[월:] 2022년 03월
CVE-2022-0652
CVE-2022-0652
Confd log files contain local users’, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Source: CVE-2022-0652
CVE-2022-27607
CVE-2022-27607
Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a related issue to CVE-2018-14531.
Source: CVE-2022-27607
CVE-2022-26283
CVE-2022-26283
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests.
Source: CVE-2022-26283
CVE-2022-26285
CVE-2022-26285
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests.
Source: CVE-2022-26285
CVE-2022-26284
CVE-2022-26284
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests.
Source: CVE-2022-26284
CVE-2022-27090
CVE-2022-27090
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
Source: CVE-2022-27090
CVE-2022-26184
CVE-2022-26184
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.
Source: CVE-2022-26184
CVE-2022-27333
CVE-2022-27333
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.
Source: CVE-2022-27333
CVE-2022-26174
CVE-2022-26174
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields.
Source: CVE-2022-26174