» 2022 » 4월

CVE-2022-27341

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2022-27341

JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.

Source: CVE-2022-27341

CVE-2022-1440

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2022-1440

Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `–upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker.

Source: CVE-2022-1440

CVE-2022-29589

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2022-29589

Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.

Source: CVE-2022-29589

CVE-2021-20464

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2021-20464

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

Source: CVE-2021-20464

CVE-2021-38886

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2021-38886

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

Source: CVE-2021-38886

CVE-2021-38903

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2021-38903

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691.

Source: CVE-2021-38903

CVE-2021-38904

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2021-38904

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693.

Source: CVE-2021-38904

CVE-2021-29824

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2021-29824

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468.

Source: CVE-2021-29824

CVE-2022-1439

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.

Source: CVE-2022-1439

CVE-2021-38905

Posted on 2022년 4월 23일2022년 4월 23일 by admin

CVE-2021-38905

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

Source: CVE-2021-38905