CVE-2022-34324
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
Source: CVE-2022-34324
[월:] 2023년 01월
CVE-2022-37785
CVE-2022-37785
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.
Source: CVE-2022-37785
CVE-2022-37786
CVE-2022-37786
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.
Source: CVE-2022-37786
CVE-2022-37787
CVE-2022-37787
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.
Source: CVE-2022-37787
CVE-2022-40711
CVE-2022-40711
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.
Source: CVE-2022-40711
CVE-2022-47634
CVE-2022-47634
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
Source: CVE-2022-47634
CVE-2022-45213
CVE-2022-45213
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.
Source: CVE-2022-45213
CVE-2022-45027
CVE-2022-45027
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
Source: CVE-2022-45027
CVE-2022-48198
CVE-2022-48198
The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot’s behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.
Source: CVE-2022-48198
CVE-2021-41823
CVE-2021-41823
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.
Source: CVE-2021-41823