CVE-2022-30040
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service.
Source: CVE-2022-30040
CVE-2022-30062
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php
Source: CVE-2022-30062
CVE-2022-30048
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
Source: CVE-2022-30048
CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Source: CVE-2022-29845
CVE-2022-30059
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at backendcontrollersDbController.php.
Source: CVE-2022-30059
CVE-2022-30058
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at backendcontrollersDbController.php.
Source: CVE-2022-30058
CVE-2022-30061
ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.
Source: CVE-2022-30061
CVE-2022-30452
ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php
Source: CVE-2022-30452
CVE-2022-28259
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2022-28259