» 2022 » 5월

CVE-2021-41714

Posted on 2022년 5월 24일2022년 5월 24일 by admin

CVE-2021-41714

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.

Source: CVE-2021-41714

CVE-2022-1811

Posted on 2022년 5월 24일2022년 5월 24일 by admin

CVE-2022-1811

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

Source: CVE-2022-1811

CVE-2022-28998

Posted on 2022년 5월 23일2022년 5월 24일 by admin

CVE-2022-28998

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.

Source: CVE-2022-28998

CVE-2022-28997

Posted on 2022년 5월 23일2022년 5월 24일 by admin

CVE-2022-28997

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Source: CVE-2022-28997

CVE-2022-0900

Posted on 2022년 5월 23일2022년 5월 24일 by admin

CVE-2022-0900

A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive’s "aciklama" parameter could allow anyone to gain users’ session informations.

Source: CVE-2022-0900

CVE-2022-1810

Posted on 2022년 5월 23일2022년 5월 23일 by admin

CVE-2022-1810

Improper Access Control in GitHub repository publify/publify prior to 9.2.9.

Source: CVE-2022-1810

CVE-2022-1817

Posted on 2022년 5월 23일2022년 5월 23일 by admin

CVE-2022-1817

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

Source: CVE-2022-1817

CVE-2022-1816

Posted on 2022년 5월 23일2022년 5월 23일 by admin

CVE-2022-1816

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

Source: CVE-2022-1816

CVE-2022-29599

Posted on 2022년 5월 23일2022년 5월 23일 by admin

CVE-2022-29599

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Source: CVE-2022-29599

CVE-2021-42586

Posted on 2022년 5월 23일2022년 5월 23일 by admin

CVE-2021-42586

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Source: CVE-2021-42586