CVE-2022-29649 Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
When users receive a maliciously crafted request, XSS can occur in the following ways:
In the above example, the user’s session information is transmitted
CVE-2020-36603 The mhyprot2.sys anti-cheat driver does not properly restrict unprivileged function calls, allowing local users to execute arbitrary code with SYSTEM privileges.
Therefore, the "run as" option in the installation wizard is disabled by default. To install the mhyprot2.sys driver, the user must click
CVE-2022-37138 LMS 1.0 is vulnerable to SQL injection at the login page, which allows attackers to log in as Administrator via the username form.
To perform SQL injection, an attacker can send a request with an SQL statement in the ‘<INPUT>’ tag. An attacker can send the following injection request to
CVE-2022-38497 LIEF's CoreFile.tcc component had a segmentation violation.
The issue was tracked down to a missing check in the code that prevented a file from being loaded that was marked as unsafe. Because
CVE-2022-34700 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
The Microsoft Dynamics CRM Remote Code Execution Vulnerability exists due to software implementation failure. A remote attacker can leverage the vulnerability to run arbitrary code