» 2022 » 10월

CVE-2022-43230 (simple_cold_storage_managment_system)

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-43230 (simple_cold_storage_managment_system)

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.

Source: CVE-2022-43230 (simple_cold_storage_managment_system)

CVE-2022-43231 (canteen_management_system)

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-43231 (canteen_management_system)

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Source: CVE-2022-43231 (canteen_management_system)

CVE-2022-43232 (canteen_management_system)

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-43232 (canteen_management_system)

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.

Source: CVE-2022-43232 (canteen_management_system)

CVE-2022-43228 (barangay_management_system)

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-43228 (barangay_management_system)

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php.

Source: CVE-2022-43228 (barangay_management_system)

CVE-2022-43233 (canteen_management_system)

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-43233 (canteen_management_system)

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.

Source: CVE-2022-43233 (canteen_management_system)

CVE-2022-43229 (simple_cold_storage_managment_system)

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-43229 (simple_cold_storage_managment_system)

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.

Source: CVE-2022-43229 (simple_cold_storage_managment_system)

CVE-2022-41648

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-41648

The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line.

Source: CVE-2022-41648

CVE-2022-41636

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-41636

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.

Source: CVE-2022-41636

CVE-2022-3228

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive.

Source: CVE-2022-3228

CVE-2022-2475

Posted on 2022년 10월 29일2022년 10월 29일 by admin

CVE-2022-2475

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.

Source: CVE-2022-2475