CVE-2022-27349
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Source: CVE-2022-27349
[월:] 2022년 04월
CVE-2022-27348
CVE-2022-27348
Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
Source: CVE-2022-27348
CVE-2022-27346
CVE-2022-27346
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Source: CVE-2022-27346
CVE-2022-27064
CVE-2022-27064
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Source: CVE-2022-27064
CVE-2022-27063
CVE-2022-27063
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
Source: CVE-2022-27063
CVE-2022-1219
CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
Source: CVE-2022-1219
CVE-2022-28805
CVE-2022-28805
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Source: CVE-2022-28805
CVE-2022-28796
CVE-2022-28796
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
Source: CVE-2022-28796
CVE-2021-43474
CVE-2021-43474
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function
Source: CVE-2021-43474
CVE-2022-24681
CVE-2022-24681
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
Source: CVE-2022-24681