CVE-2022-36258
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
Source: CVE-2022-36258
[월:] 2022년 09월
CVE-2022-36257
CVE-2022-36257
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
Source: CVE-2022-36257
CVE-2022-36259
CVE-2022-36259
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
Source: CVE-2022-36259
CVE-2022-36256
CVE-2022-36256
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
Source: CVE-2022-36256
CVE-2022-34109
CVE-2022-34109
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory PromoPhoto, regardless of file type or size.
Source: CVE-2022-34109
CVE-2022-36254
CVE-2022-36254
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".
Source: CVE-2022-36254
CVE-2022-36255
CVE-2022-36255
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
Source: CVE-2022-36255
CVE-2022-34108
CVE-2022-34108
An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.
Source: CVE-2022-34108
CVE-2022-34110
CVE-2022-34110
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.
Source: CVE-2022-34110
CVE-2022-38972
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.
Source: CVE-2022-38972