» 2022 » 9월

CVE-2022-3148

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-3148

Cross-site Scripting (XSS) – Generic in GitHub repository jgraph/drawio prior to 20.3.0.

Source: CVE-2022-3148

CVE-2022-36403

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-36403

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Source: CVE-2022-36403

CVE-2022-38400

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-38400

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.

Source: CVE-2022-38400

CVE-2022-38399

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-38399

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product’s specific serial connection

Source: CVE-2022-38399

CVE-2022-34869

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-34869

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.

Source: CVE-2022-34869

CVE-2022-38094

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-38094

OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.

Source: CVE-2022-38094

CVE-2022-35273

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-35273

OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.

Source: CVE-2022-35273

CVE-2022-38394

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-38394

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.

Source: CVE-2022-38394

CVE-2022-28220

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

Source: CVE-2022-28220

CVE-2022-33941

Posted on 2022년 9월 8일2022년 9월 8일 by admin

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.

Source: CVE-2022-33941