CVE-2022-3221
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.
Source: CVE-2022-3221
[월:] 2022년 09월
CVE-2022-31735
CVE-2022-31735
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.
Source: CVE-2022-31735
CVE-2022-40738
CVE-2022-40738
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write.
Source: CVE-2022-40738
CVE-2022-40737
CVE-2022-40737
An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields.
Source: CVE-2022-40737
CVE-2022-40736
CVE-2022-40736
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp.
Source: CVE-2022-40736
CVE-2022-38595
CVE-2022-38595
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.
Source: CVE-2022-38595
CVE-2022-38594
CVE-2022-38594
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.
Source: CVE-2022-38594
CVE-2022-38352
CVE-2022-38352
ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component LeagueFlysystemCachedStoragePsr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Source: CVE-2022-38352
CVE-2022-38323
CVE-2022-38323
Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Source: CVE-2022-38323
CVE-2018-25047
CVE-2018-25047
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Source: CVE-2018-25047