CVE-2022-2433 The WordPress Infinite Scroll Ajax plugin, in versions up to 5.5.3, is vulnerable to deserialization of untrusted input.
This can be accomplished through a number of methods depending on the web server configuration and the capabilities of the target. Some of the more
CVE-2022-40110 TOTOLINK A3002R is vulnerable to Buffer Overflow via /bin/boa
When /bin/boa is called, it will call the function pointed to by 'Fastcgi_parameters' which accepts user-supplied data via 'arg_v[
CVE-2022-39051 An attacker might be able to execute malicious Perl code in Template by having the admin install an unverified 3rd party package.
On a web server, where the Template is being used. The Template toolkit implementation of Perl is vulnerable to XSS attacks because it is implemented
CVE-2022-36636 A SQL injection vulnerability was found in Garage Management System v1.0 at /print.php.
An attacker can inject SQL queries, run arbitrary PHP code, or obtain sensitive information by using the id parameter as an access token. The updated
CVE-2022-36582 An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code.
This is a file upload vulnerability and a user with file upload privileges can upload malicious files or corrupt files via the component /php_action/