CVE-2022-38614 IGB Files and OutfileService has an issue where attackers can list and download files by modifying the PATH parameter.
The vulnerability exists due to the Ingesting Service exposing a user-controlled Path variable to the application. An attacker can leverage this to append arbitrary file
CVE-2022-36586 Tenda G3 US_G3V3.0 has a buffer overflow vulnerability due to strcpy in the httpd binary.
This vulnerability can be exploited by a remote attacker to execute arbitrary code on the affected device. In order to exploit this issue, an attacker
CVE-2021-40326 Foxit PDF Reader before 11.1 and PDF Editor before 11.1 can mishandle hidden and incremental data in signed documents.
PhantomPDF, Foxit PDF Reader and Foxit PDF Editor are packed as a plugin for Firefox and Chrome. Foxit PDF Plugin before 11.1 and Foxit
CVE-2022-25644 Package @pendo324/get-process-by-name is vulnerable to Arbitrary Code Execution due to improper sanitization.
To exploit this issue, an attacker needs to construct a malicious .js file and feed it to a user. This can be done by uploading
CVE-2022-37081 TOTOLINK A7000R V9.1.0u.6115 contains a command injection vulnerability via the command parameter at setting/setTracerouteCfg.
An attacker can exploit this issue by sending the following request to the targeted Apache server:
POST /cgi-bin/setTracerouteCfg HTTP/1.0 Host: