CVE-2022-41539 Wedding Planner v1.0 had an arbitrary file upload vulnerability in the /admin/users_add.php component.
To exploit this issue, an attacker needs to upload a malicious PHP file to the server. After the file is uploaded, an attacker can request
CVE-2022-34022 Injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114.
CVE-2018-1493 An issue was discovered in certain Red Hat Enterprise Linux 6 and 7 virtual machines using IPython. Due to incorrect handling of the OR
CVE-2022-41390 OcoMon v4.0 was found to have a SQL injection vulnerability on download.php.
An attacker can exploit this to access and modify data across the installation. There is no mitigations for this issue.
An update to fix this
CVE-2022-35612 An XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML.
MQTTRoute versions prior to 3.3 allow an attacker to inject arbitrary HTML or script code into the dashboard name text field (CVE-2018-19384). MQTTRoute versions
CVE-2022-41391 OcoMon v4.0 had a SQL injection vulnerability in the cod parameter of showImg.php.
An attacker can inject malicious SQL code into the cod parameter to run arbitrary SQL commands. This may lead to the disclosure of user data
Episode
00:00:00
00:00:00