CVE-2022-37681 An attacker can perform a directory traversal on the endpoint /ptippage.cgi with versions 1.07 and below of ISnex Kokusai ISNex HC-IP9100HD.
A cross-site request forgery (CSRF) vulnerability in the web interface of the device allows attackers to perform an unauthorized login by tricking users into performing
CVE-2022-37059 XSS in the Subrion CMS 4.2.1 login field allows an attacker to inject arbitrary code.
By using this vulnerability an attacker can steal cookie information and execute malicious code on the system of the affected website. In case of XSS
CVE-2022-36194 An attacker could leverage the XSS in the Pollers > Broker Configuration function of Actron Encentreon 22.04.0 to inject malicious code.
By manipulating the name parameter, an attacker can inject malicious code into the application’s code, which can lead to session hijacking and other forms
CVE-2022-36720 The v1.0 Library Management System was found to have a SQL injection vulnerability.
An attacker can leverage this vulnerability to execute arbitrary SQL commands against the affected system. An attacker exploiting this vulnerability can install applications, view data,
CVE-2018-14519 An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw.
The vulnerability can be exploited by remote attackers via CSRF cookies. The security issue affects all users using the delete pages functionality.