» 2022 » 9월

CVE-2022-38135

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-38135

Broken Access Control vulnerability in Dean Oakley’s Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Source: CVE-2022-38135

CVE-2022-38295

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.

Source: CVE-2022-38295

CVE-2022-38296

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-38296

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.

Source: CVE-2022-38296

CVE-2022-38605

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-38605

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.

Source: CVE-2022-38605

CVE-2022-38292

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-38292

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.

Source: CVE-2022-38292

CVE-2022-38606

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-38606

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.

Source: CVE-2022-38606

CVE-2022-36173

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-36173

FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.

Source: CVE-2022-36173

CVE-2022-36174

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-36174

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

Source: CVE-2022-36174

CVE-2022-2979

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-2979

Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.

Source: CVE-2022-2979

CVE-2022-29490

Posted on 2022년 9월 13일2022년 9월 13일 by admin

CVE-2022-29490

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user’s role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Source: CVE-2022-29490