CVE-2022-32149 - How a Malicious Accept-Language Header Can Bring Down Your Go Server
When we think of web application attacks, we often picture SQL injections or XSS. But sometimes, the mildly boring headers we ignore can open up
CVE-2022-3504 An issue was found in SourceCodester Sanitization Management System and classified as critical. The id argument can be manipulated to cause SQL injection.
The latest software version is 3.1.0 and was released on 2017-01-13. The vendors involved in the development of this software are SourceCodester and
CVE-2022-35058 A commit 617837b of the OFTC commit bot was found to have a heap buffer overflow.
This issue is resolved in version 2018.3.1p1, which was released on March 6, 2018. An attacker could leverage these vulnerabilities to execute arbitrary
CVE-2022-3496 A critical vulnerability was found in SourceCodester HRMS 1.0 and affects the Admin Panel component.
The affected component can be exploited by remote attackers via a request sent to the targeted server. The hacker doesn’t require authentication to exploit
CVE-2022-3495 A critical vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0, affecting code in the file /opac/Actions.php?a=login. It compromises the Admin Login component.
The security risk of manipulating the username/password argument via SQL injection in SourceCodester Simple Online Public Access Catalog 1.0 is estimated as critical.