security.didici.cc
CVE-2022-29272
6 hours agoIn Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVE-2022-31897
6 hours agoSourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visi
tor?msg=.
CVE-2022-28803
6 hours agoIn SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
CVE-2022-29269
6 hours agoIn Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVE-2022-31266
6 hours agoIn ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
CVE-2022-29270
6 hours agoIn Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
CVE-2022-29271
6 hours agoIn Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVE-2022-32532
7 hours agoApache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVE-2022-31884
9 hours agoMarval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31887
9 hours agoMarval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator passwo ...
CVE-2022-29858
9 hours agoSilverstripe silverstripe/assets through 1.10 allows XSS.
CVE-2021-41559
9 hours agoSilverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
CVE-2020-19897
9 hours agoA reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVE-2020-19896
9 hours agoFile inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2022-24444
9 hours agoSilverstripe silverstripe/framework through 4.10 allows Session Fixation.
CVE-2022-25238
9 hours agoSilverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to tru ...
CVE-2022-31886
10 hours agoMarval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
CVE-2022-31883
10 hours agoMarval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
CVE-2022-31885
10 hours agoMarval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
CVE-2021-3431
11 hours agoAssertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyr
project-rtos/zephyr/secur
ity/advisories/GHSA-7548-
5m6f-mqv9
CVE-2022-2231
11 hours agoNULL Pointer Dereference in GitHub repository vim/vim prior to 8.,2.
CVE-2021-3432
11 hours agoInvalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyr
project-rtos/zephyr/secur
ity/advisories/GHSA-7364-
p4wc-8mj4
CVE-2021-3433
11 hours agoInvalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyr
project-rtos/zephyr/secur
ity/advisories/GHSA-3c2f-
w4v6-qxr ...
CVE-2021-3434
11 hours agoStack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyr
project-rtos/zephyr/secur
ity/advisories/GHSA-8w87-
6rfp-cfrm
CVE-2021-3435
11 hours agoInformation leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyr
project-rtos/zephyr/secur
ity/advisories/GHSA-xhg3-
gvj6-4rqh
CVE-2021-3430
11 hours agoAssertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyr
project-rtos/zephyr/secur
ity/advisories/GHSA-46h3-
hjcq-2jjr
CVE-2022-2246
11 hours agoPrototype Pollution in GitHub repository clever/underscore.deep prior to 0.5.3.
CVE-2022-31230
12 hours agoDell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
CVE-2022-31229
12 hours agoDell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to acc ...
CVE-2022-31108
12 hours agoMermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change t ...
CVE-2022-2145
13 hours agoCloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
CVE-2022-31106
13 hours agoUnderscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deep ...
CVE-2022-28621
13 hours agoA remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM.
CVE-2022-31056
13 hours agoGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This i ...
CVE-2022-31061
13 hours agoGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials a ...
CVE-2022-31068
13 hours agoGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature ...
CVE-2022-33108
14 hours agoXPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
CVE-2022-31052
14 hours agoSynapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recove ...
CVE-2022-0987
14 hours agoA flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
CVE-2021-3779
14 hours agoA malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.
CVE-2021-40553
14 hours agopiwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
CVE-2022-0085
16 hours agoServer-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
CVE-2022-30562
17 hours agoIf the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an att ...
CVE-2022-30560
17 hours agoWhen an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
CVE-2022-23763
17 hours agoOrigin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious co ...
CVE-2022-30563
17 hours agoWhen an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
CVE-2022-30561
17 hours agoWhen an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
CVE-2022-34750
18 hours agoAn issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various deni ...
CVE-2022-30997
18 hours agoUse of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmw ...
CVE-2022-23896
18 hours agoAdmidio 4.1.2 version is affected by stored cross-site scripting (XSS).
CVE-2022-30707
18 hours agoViolation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS functio ...
CVE-2022-29519
18 hours agoCleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with de ...
CVE-2021-41460
18 hours agoECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
CVE-2021-41690
18 hours agoDCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An a ...
CVE-2021-41687
18 hours agoDCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to laun ...
CVE-2021-41688
18 hours agoDCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS ...
CVE-2021-41689
18 hours agoDCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch ...
CVE-2021-40607
18 hours agoThe schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40606
18 hours agoThe gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40944
18 hours agoIn GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pi
d.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40943
18 hours agoIn Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspect
or::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40609
18 hours agoThe GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40608
18 hours agoThe gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2022-0624
22 hours agoAuthorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
CVE-2017-20105
1 day agoA vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f
..%2f..%2f..%2f..%2f..%2f
..%2f..%2f..%2f..%2f..%2f
..%2f ...
CVE-2017-20107
1 day agoA vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has ...
CVE-2017-20106
1 day agoA vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forge ...
CVE-2017-20104
1 day agoA vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated r ...
CVE-2022-31104
1 day agoWasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation o ...
CVE-2022-34133
1 day agoBenjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/L
eaves.php.
CVE-2022-34134
1 day agoBenjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/
Users.php.
CVE-2022-34132
1 day agoBenjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/L
eaves.php.
CVE-2022-31099
1 day agorulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing ...
CVE-2022-32995
1 day agoHalo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
CVE-2022-33009
1 day agoA stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
CVE-2022-31101
1 day agoprestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There ...
CVE-2022-32994
1 day agoHalo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/up
load.
CVE-2022-31103
1 day agolettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-let ...
CVE-2022-32092
1 day agoD-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
CVE-2022-33007
1 day agoTRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.
CVE-2022-31093
1 day agoNextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` ...
CVE-2022-33879
1 day agoThe initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingConten
tHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingConten
tHandler. These are now fixed in 1.2 ...
CVE-2022-31100
1 day agorulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or ...
CVE-2022-31096
1 day agoDiscourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of ...
CVE-2022-31098
1 day agoWeave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive clus ...
CVE-2022-31092
1 day agoPimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by d ...
CVE-2022-31091
1 day agoGuzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should ...
CVE-2022-31090
1 day agoGuzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a r ...
CVE-2017-20103
1 day agoA vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select
(sleep(2)) ...
CVE-2022-31086
1 day agoLDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerabilit ...
CVE-2022-33116
1 day agoAn issue in the jmpath variable in /modules/mindmap/index.ph
p of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
CVE-2022-33005
1 day agoA cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
CVE-2022-31087
1 day agoLDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/ ...
CVE-2022-31084
1 day agoLDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the fi ...
CVE-2022-31089
1 day agoParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Serve ...
CVE-2022-31085
1 day agoLDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension ...
CVE-2022-31094
1 day agoScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over i ...
CVE-2022-31082
1 day agoGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection ca ...
CVE-2022-31088
1 day agoLDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP se ...
CVE-2022-31081
1 day agoHTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are ...