» 2022 » 9월

CVE-2022-39838

Posted on 2022년 9월 6일2022년 9월 6일 by admin

CVE-2022-39838

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

Source: CVE-2022-39838

CVE-2022-30331

Posted on 2022년 9월 6일2022년 9월 6일 by admin

CVE-2022-30331

** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor’s position is "GSQL was behaving as expected."

Source: CVE-2022-30331

CVE-2022-3122

Posted on 2022년 9월 5일2022년 9월 6일 by admin

CVE-2022-3122

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.

Source: CVE-2022-3122

CVE-2022-3121

Posted on 2022년 9월 5일2022년 9월 6일 by admin

CVE-2022-3121

A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability.

Source: CVE-2022-3121

CVE-2022-2271

Posted on 2022년 9월 5일2022년 9월 5일 by admin

CVE-2022-2271

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Source: CVE-2022-2271

CVE-2022-3127

Posted on 2022년 9월 5일2022년 9월 5일 by admin

CVE-2022-3127

Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 20.2.8.

Source: CVE-2022-3127

CVE-2022-2376

Posted on 2022년 9월 5일2022년 9월 5일 by admin

CVE-2022-2376

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users

Source: CVE-2022-2376

CVE-2022-2083

Posted on 2022년 9월 5일2022년 9월 5일 by admin

CVE-2022-2083

The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.

Source: CVE-2022-2083

CVE-2022-2543

Posted on 2022년 9월 5일2022년 9월 5일 by admin

CVE-2022-2543

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts

Source: CVE-2022-2543

CVE-2022-2597

Posted on 2022년 9월 5일2022년 9월 5일 by admin

CVE-2022-2597

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts

Source: CVE-2022-2597