Weekly Vulnerabilities Reports > May 30 to June 5, 2022

D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php

StarWind SAN and NAS v0.2 build 1914 allow remote code execution.

The TikTok application before 23.7.3 for Android allows account takeover.

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass.

RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface.

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials.

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type.

An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used.

A format string vulnerability was found in libinput

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function.

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring.

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault.

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi().

Use After Free in GitHub repository vim/vim prior to 8.2.

An issue was discovered in WinAPRS 2.9.0.

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

<p>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution.

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session.

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability.

TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.

NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.

BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service.

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.

An issue was discovered in zzcms 2019.

An issue was discovered in zzcms 2019.

An issue was discovered in zzcms 2019.

SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation.

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

An access control bypass vulnerability found in 389-ds-base.

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.

An issue was discovered in WinAPRS 2.9.0.

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`.

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.

An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.

LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host.

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.

Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.

School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.

Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.

Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.

Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.

Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.

Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type.

Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=.

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=.

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.

BigBlueButton is an open source web conferencing system.

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

Chat Server is the chat server for Vartalap, an open-source messaging application.

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings.

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw.

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly.

In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability.

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva.

The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.

An issue was discovered in MCMS 5.2.7.

Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability.

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network.

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.

NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.

Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.

Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=.

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=.

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely.

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.

Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.

Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file.

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=.

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id=

Wedding Management System v1.0 is vulnerable to SQL Injection.

Wedding Management System v1.0 is vulnerable to SQL Injection.

Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=.

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.

DHIS2 is an information system for data capture, management, validation, analytics and visualization.

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.

eLabFTW is an electronic lab notebook manager for research teams.

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks.

Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img.

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem.

Caddy v2.4 was discovered to contain an open redirect vulnerability.

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file.

SSH.NET is a Secure Shell (SSH) library for .NET.

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img.

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img.

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img.

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release.

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

BigBlueButton Greenlight 2.11.1 allows XSS.

A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution.

PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

BigBlueButton is an open source web conferencing system.

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force.

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding.

Play Framework is a web framework for Java and Scala.

Play Framework is a web framework for Java and Scala.

An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke.

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.

SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.

CVEProject/cve-services is an open source project used to operate the CVE services API.

BigBlueButton is an open source web conferencing system.

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability.

Vapor is an HTTP web framework for Swift.

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

Couchbase Server before 7.1.0 has Incorrect Access Control.

A vulnerability was found in SourceCodester Product Show Room Site 1.0.

A vulnerability was found in SourceCodester Product Show Room Site 1.0.

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system.

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data.

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads.

Use After Free in GitHub repository mruby/mruby prior to 3.2.

Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage.

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration.

In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.

In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

An issue was discovered in swftools through 20201222.

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.

An issue was discovered in Pidgin before 2.14.9.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint.

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues.

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx .

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter.

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext.

libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer.

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL.

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

BigBlueButton is an open source web conferencing system.

BigBlueButton is an open source web conferencing system.

Microsoft Edge (Chromium-based) Spoofing Vulnerability

solidus_backend is the admin interface for the Solidus e-commerce framework.

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

Waitress is a Web Server Gateway Interface server for Python 2 and 3.

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream.

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting.

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin.

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

adbyby v2.7 allows external users to make connections via port 8118.

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output.

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI).

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.

An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.

BigBlueButton is an open source web conferencing system.

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform.

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs).

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability.

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.

Dell PowerStore Versions before v2.1.1.0.

bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title.

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.

Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.

A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters.

FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum.

A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages.

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)

The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed

The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.

Bleve is a text indexing library for go.