CVE-2022-23726 Previous versions of the PingCentral Ping API exposed Spring Boot actuator endpoints with administrative authentication that gives away sensitive information.
The most common attack scenario is via an outside party using a web crawling tool to search for available endpoints and then craft a request
CVE-2022-41437 Billing System Project v1.0 had a remote code execution vulnerability in the createProduct.php component.
A remote attacker can leverage this to install a custom PHP script onto the system. An attacker can leverage this RCE vulnerability to
CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.
In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a
CVE-2022-37346 The Product Image Bulk Upload Plugin has an insufficient verification vulnerability when uploading files.
There is currently no known exploit for this issue. However, we recommend updating to version 4.1.0 or higher as soon as possible. Vulnerable
CVE-2022-40354 Tours & Travels Management System v1.0 was found to have a SQL injection vulnerability.
An attacker can inject malicious code to run arbitrary SQL commands. This vulnerability can be exploited by hackers to compromise the system, obtain sensitive information