CVE-2022-27311
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
Source: CVE-2022-27311
[월:] 2022년 04월
CVE-2022-27103
CVE-2022-27103
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
Source: CVE-2022-27103
CVE-2022-28586
CVE-2022-28586
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
Source: CVE-2022-28586
CVE-2022-28506
CVE-2022-28506
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
Source: CVE-2022-28506
CVE-2022-27429
CVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
Source: CVE-2022-27429
CVE-2022-28053
CVE-2022-28053
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Source: CVE-2022-28053
CVE-2021-36460
CVE-2021-36460
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless.
Source: CVE-2021-36460
CVE-2022-27428
CVE-2022-27428
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.
Source: CVE-2022-27428
CVE-2022-27135
CVE-2022-27135
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
Source: CVE-2022-27135
CVE-2021-45840
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
Source: CVE-2021-45840