Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Tytuł
Data
Autor
Low
WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
21.03.2019
KingSkrupellos
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2022-05-18
CVE-2022-23068
Updating...
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.
2022-05-11
Medium
CVE-2022-22975
Vendor:
Vmware
Software:
Pinniped
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
2022-05-02
Medium
CVE-2022-23064
Vendor:
Snipeitapp
Software:
Snipe-it
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
2022-04-28
High
CVE-2022-1509
Vendor:
Hestiacp
Software:
Control panel
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
Low
CVE-2022-29816
Vendor:
Jetbrains
Software:
Intellij idea
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
2022-04-11
Medium
CVE-2022-24832
Vendor:
Thoughtworks
Software:
GOCD
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and only is exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144.
Medium
CVE-2021-22055
Vendor:
Vmware
Software:
Photon os
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
2022-04-09
Medium
CVE-2022-1287
Vendor:
School club application system project
Software:
School club ...
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.
2022-04-05
Medium
CVE-2021-39114
Vendor:
Atlassian
Software:
Confluence d...
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
2022-04-01
Medium
CVE-2021-27493
Vendor:
Philips
Software:
Myvue
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Copyright
2022
, cxsecurity.com
Back to Top