CVE-2022-26247
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.
Source: CVE-2022-26247
CVE-2022-26555
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.
Source: CVE-2022-26555
CVE-2022-25464
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Source: CVE-2022-25464
CVE-2022-26246
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.
Source: CVE-2022-26246
CVE-2021-44345
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection.
Source: CVE-2021-44345
CVE-2022-24125
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, the ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.
Source: CVE-2022-24125
CVE-2022-24126
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.
Source: CVE-2022-24126
CVE-2022-0991
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
Source: CVE-2022-0991
CVE-2022-27226
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor’s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router’s default credentials aren’t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
Source: CVE-2022-27226
CVE-2022-26267
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.
Source: CVE-2022-26267