CVE-2022-1504
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
Source: CVE-2022-1504
[월:] 2022년 04월
CVE-2021-46421
CVE-2021-46421
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
Source: CVE-2021-46421
CVE-2021-46441
CVE-2021-46441
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
Source: CVE-2021-46441
CVE-2022-1503
CVE-2022-1503
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory.
Source: CVE-2022-1503
CVE-2022-29810
CVE-2022-29810
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
Source: CVE-2022-29810
CVE-2022-29700
CVE-2022-29700
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
Source: CVE-2022-29700
CVE-2022-29701
CVE-2022-29701
A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Source: CVE-2022-29701
CVE-2022-27332
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
Source: CVE-2022-27332
CVE-2022-28085
CVE-2022-28085
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
Source: CVE-2022-28085
CVE-2022-27331
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Source: CVE-2022-27331