CVE-2021-45892
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.
Source: CVE-2021-45892
[월:] 2022년 04월
CVE-2021-45891
CVE-2021-45891
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.
Source: CVE-2021-45891
CVE-2022-24231
CVE-2022-24231
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
Source: CVE-2022-24231
CVE-2022-25356
CVE-2022-25356
ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection.
Source: CVE-2022-25356
CVE-2022-26281
CVE-2022-26281
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
Source: CVE-2022-26281
CVE-2021-44109
CVE-2021-44109
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.
Source: CVE-2021-44109
CVE-2021-44108
CVE-2021-44108
A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.
Source: CVE-2021-44108
CVE-2021-43008
CVE-2021-43008
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
Source: CVE-2021-43008
CVE-2021-42324
CVE-2021-42324
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.
Source: CVE-2021-42324
CVE-2022-26619
CVE-2022-26619
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.
Source: CVE-2022-26619