CWE:
 

Topic
Date
Author
Low
MiniDVBLinux 5.4 Arbitrary File Read
18.10.2022
LiquidWorm
High
Active eCommerce CMS 6.3.0 Arbitrary File Download
28.09.2022
th3d1gger
High
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read
07.09.2022
Anonymouse
Low
SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure
22.06.2022
Yvan Genuer
Med.
Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
06.06.2022
Julien Ahrens
High
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
24.03.2022
Hassan Khan Yusufzai
High
TermTalk Server 3.24.0.2 Arbitrary File Read
05.01.2022
Fabiano Golluscio
High
Oliver Library Server v5 Arbitrary File Download
19.12.2021
Mandeep Singh, Ishaan ...
Med.
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
09.12.2021
s1gh
High
TestLink 1.19 Arbitrary File Download
09.12.2021
Gonzalo Villegas
Med.
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
05.12.2021
Uriel Yochpaz
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)
03.12.2021
Uriel Yochpaz
High
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
16.11.2021
Rizal Muhammed
Med.
SAP Enterprise Portal Sensitive Data Disclosure
23.10.2021
Yvan Genuer
High
WordPress Duplicator 1.3.26 Arbitrary File Read
18.10.2021
nam3lum
High
Atlassian Confluence Server 7.5.1 Arbitrary File Read
06.10.2021
Mayank Deshmukh
Med.
WordPress BulletProof Security 5.1 Information Disclosure
06.10.2021
Ron Jost
Med.
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
30.07.2021
LiquidWorm
High
ES File Explorer 4.1.9.7.4 Arbitrary File Read
29.06.2021
Nehal Zaman
Med.
SAP Hybris eCommerce Information Disclosure
15.06.2021
Gaston Traberg
High
Hasura GraphQL 1.3.3 Arbitrary File Read
22.04.2021
Dolev Farhi
High
Novel Boutique House-plus 3.5.1 Arbitrary File Download
29.03.2021
tuyiqiang
Med.
Apache Flink 1.11.0 Unauthenticated Arbitrary File Read (Metasploit)
14.01.2021
Suncsr
Med.
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
08.01.2021
SunCSR
Med.
WordPress Plugin W3 Total Cache Unauthenticated Arbitrary File Read (Metasploit)
06.01.2021
SunCSR
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
Med.
Wordpress Plugin Duplicator 1.3.26 Unauthenticated Arbitrary File Read (Metasploit)
18.12.2020
Nguyen
High
Gitlab 12.9.0 Arbitrary File Read (Authenticated)
19.11.2020
Jasper Rasenberg
Low
Amazon Web Services - Database Disclosure (Sensitive Information)
13.09.2020
Gh05t666nero
Med.
HelloWeb 2.0 Arbitrary File Download
11.07.2020
bRpsd
High
jizhi CMS 1.6.7 Arbitrary File Download
21.04.2020
iej1ctk1g
High
Webtateas 2.0 Arbitrary File Read
15.04.2020
CBIITMC
Low
UniSharp Laravel File Manager 2.0.0 Arbitrary File Read
04.03.2020
NgoAnhDuc
Low
Antiprizuv Form-Data Log Emails Information Disclosure
26.12.2019
L4663r666h05t
High
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read
03.09.2019
Todor Donev
Med.
Joomla JS Support Ticket 1.1.5 Arbitrary File Download
09.08.2019
qw3rTyTy
Med.
DuckSell 3.0.0 Database Disclosure
10.06.2019
KingSkrupellos
Med.
SmartLIB Library Software Database Disclosure
03.06.2019
KingSkrupellos
Med.
OpenEvSys Software 2.2 Database Disclosure
02.06.2019
KingSkrupellos
Med.
Open-EMR HealthCare Software 5.0.1 Database Disclosure
02.06.2019
KingSkrupellos
Med.
GinoCMS Software 2.x Database Disclosure
02.06.2019
KingSkrupellos
Med.
OCSInventory-NG Software CMS 2.6 RC Database Disclosure
02.06.2019
KingSkrupellos
Med.
AgniCMS 1.6 Database Disclosure
02.06.2019
KingSkrupellos
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
28.04.2019
Cisco Talos
Low
Sierra Wireless AirLink ES450 ACEManager Information Disclosure
28.04.2019
Cisco Talos
Med.
RingsDB Software 1.0.0 Database Disclosure
20.04.2019
KingSkrupellos
Med.
NIT-Warangal Dispensary Management System India 1.0 Database Disclosure
17.04.2019
KingSkrupellos
Med.
CyberShadeCMS v1 Database Disclosure
14.04.2019
KingSkrupellos
Med.
PragyanCMS 3.0 Beta Database Disclosure
14.04.2019
KingSkrupellos
Med.
TarichiCMS Web Publishing System v2 Database Disclosure
14.04.2019
KingSkrupellos
Med.
Opus Online Placement University System 4.2.0 Database Disclosure
12.04.2019
KingSkrupellos
Med.
OrangeScrum Project Management Software 1.6.1 Database Disclosure
12.04.2019
KingSkrupellos
Med.
Gibbonedu The Flexible School Platform 17.0.00 Database Disclosure
12.04.2019
KingSkrupellos
Med.
JobSkee Open Source JobBoard 1.1.3 Database Disclosure
12.04.2019
KingSkrupellos
Med.
MajorDoMo Domestic Module Database Disclosure
10.04.2019
KingSkrupellos
High
Themosis Framework BookStore 1.3.0 Database Disclosure
10.04.2019
KingSkrupellos
High
NekoCMS 2.5 Database Disclosure
10.04.2019
KingSkrupellos
High
YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure
10.04.2019
KingSkrupellos
Med.
Norbye CMS Database Disclosure
10.04.2019
KingSkrupellos
Med.
Nova CMS Software 3.77.3 Database Disclosure
08.04.2019
KingSkrupellos
Med.
NeoFragCMS Alpha 0.2.1 Database Disclosure
05.04.2019
KingSkrupellos
High
TheDayLightStudio GetFuelCMS 0.9.3 Database Disclosure
05.04.2019
KingSkrupellos
High
YonaCMS Software 1.3.2 Database Disclosure
05.04.2019
KingSkrupellos
Med.
Senayan Slims Meranti 5 Database Disclosure
04.04.2019
KingSkrupellos
Med.
ClipBucket 2.6 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Luya CMS 1.0.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
OpenMonero MyMonero 1.1.9 Database Disclosure
04.04.2019
KingSkrupellos
Med.
RainCMS Alpha 1.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Complaint Management System CMS 4.0.4.1 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Mash Project Integrated 4.2.7.1 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
DataWrapper ProtoType 0.8 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Ektron CMS 9 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Shinobi Security Software 1.0 Database Disclosure Exploit
02.04.2019
KingSkrupellos
High
WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure
28.03.2019
KingSkrupellos
Med.
WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure
27.03.2019
KingSkrupellos
Med.
Independent University of Bangladesh IUB Database Disclosure
22.03.2019
KingSkrupellos
Med.
F3-CMS FatFreeFramework 0.0.1 Database Disclosure
15.02.2019
KingSkrupellos
High
WordPress Ad Manager WD 1.0.11 Arbitrary File Download
29.01.2019
41!kh4224rDz
Med.
Papoo CMS PKalender Plugins 3.5 Database Disclosure
28.01.2019
KingSkrupellos
Med.
Joomla RSFirewall Components 2.11.25 Database and Password Disclosure
25.01.2019
KingSkrupellos
Med.
Joomla JVFramework Components 1.6.4.0 Database Disclosure
21.01.2019
KingSkrupellos
Med.
Joomla Akeeba Backup Components 6.3.3 Database Disclosure
19.01.2019
KingSkrupellos
Med.
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
19.01.2019
KingSkrupellos
Low
Mozilla Firefox 64 Information Disclosure
18.01.2019
Dr. Vladimir Bostanov
Med.
Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure
18.01.2019
KingSkrupellos
Med.
eBrigade ERP 4.5 Arbitrary File Download
11.01.2019
Ozkan Mustafa Akkus
Med.
Typo3 CMS twwc_pages Extension 8.7.x Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Site Crawler Extension 6.1.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS pw_highslide_gallery Extension 0.3.1 Database Disclosure
04.01.2019
KingSkrupellos
Med.
PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure
01.01.2019
KingSkrupellos
Med.
Drupal 7 CivicRM Modules 5.8.2 Database Disclosure
01.01.2019
KingSkrupellos
Med.
WordPress Universal Post Manager 1.5.0 Database Disclosure
26.11.2018
KingSkrupellos
Med.
Joomla MacGallery Database Disclosure
26.11.2018
KingSkrupellos
Med.
EverSync 0.5 Arbitrary File Download
16.11.2018
Ihsan Sencan


CVEMAP Search Results

CVE
Details
Description
2022-12-08
Waiting for details
CVE-2022-46158

Updating...
 

 
PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.

 
Waiting for details
CVE-2022-23469

Updating...
 

 
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.

 
2022-12-05
Waiting for details
CVE-2022-3907

Updating...
 

 
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.

 
Waiting for details
CVE-2022-3694

Updating...
 

 
The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account.

 
2022-12-03
Waiting for details
CVE-2022-4280

Updating...
 

 
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.

 
2022-11-30
Waiting for details
CVE-2022-4228

Updating...
 

 
A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.

 
2022-11-29
Waiting for details
CVE-2022-46150

Updating...
 

 
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.

 
2022-11-28
Waiting for details
CVE-2022-41944

Updating...
 

 
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.

 
2022-11-25
Waiting for details
CVE-2022-41954

Updating...
 

 
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.

 
Waiting for details
CVE-2022-41926

Updating...
 

 
Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top