Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

CVE-2022-45009: bug_report/UPLOAD.md at main · realguoxiufeng/bug_report

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE
Open in Source
#vulnerability#web#windows#apple#php#chrome#webkit#sap
CVE-2022-45010: bug_report/SQLi-1.md at main · realguoxiufeng/bug_report

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.

CVE-2022-45008: bug_report/XSS-1.md at main · realguoxiufeng/bug_report

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.

CVE-2022-45326: Kwoksys 2.9.5 XXE

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

CVE-2022-45020: CVE-nu11secur1ty/vendors/rukovoditel.net/2022/rukovoditel-3.2.1 at main · nu11secur1ty/CVE-nu11secur1ty

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2022-45990: CVE-nu11secur1ty/vendors/winston-dsouza/ecommerce-website at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.

CVE-2022-45769: CVE-nu11secur1ty/vendors/clicshopping.org/2022/ClicShopping_V3 at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.

CVE-2022-46464: CVE-nu11secur1ty/vendors/concretecms.org/2022/concretecms-9.1.3 at main · nu11secur1ty/CVE-nu11secur1ty

ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".

CVE-2022-4280: Vulnerability/Information leakage vulnerability exists in findUser, a smart campus system developed by Dot Tech.md at main · Peanut886/Vulnerability

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.