CVE-2022-40663 Attackers can execute arbitrary code on NIKON NIS-Elements Viewer installations.
An attacker can leverage known vectors such as insecure content in social media sites or email messages, or lurking remote attackers to conduct a click-through
CVE-2022-29649 Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
When users receive a maliciously crafted request, XSS can occur in the following ways:
In the above example, the user’s session information is transmitted
CVE-2020-36603 The mHoYoProt2.sys anti-cheat driver does not properly restrict unprivileged function calls, allowing local users to execute arbitrary code with SYSTEM privileges.
Therefore, the "run as" option in the installation wizard is disabled by default. To install the mhyprot2.sys driver, the user must click
CVE-2022-37138 The LMS 1.0 is vulnerable to SQL Injection at the login page, which allows attackers to log in as Administrator as username form.
To inject SQL Injection, attacker can send request with SQL statement in the ‘INPUT>’ tag. An attacker can send the following injection request to
CVE-2022-38497 LIEF's CoreFile.tcc component had a segmentation violation.
The issue was tracked down to a missing check in the code that prevented a file from being loaded that was marked as unsafe. Because
Episode
00:00:00
00:00:00