Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote...
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. Date published...
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST[‘pkg_filter’] in a PHP echo call. Date published : 2022-01-26 https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Date published : 2022-01-26 https://github.com/libexpat/libexpat/pull/551
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of...
In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1...
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and...
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital’s Patient Records Management System 1.0 via the description parameter in room_list. Date published : 2022-01-26 https://github.com/Sant268/CVE-2022-22852/blob/main/CVE-2022-22852.md https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital’s Patient Records Management System 1.0 via the specialization parameter in doctors.php Date published : 2022-01-26 https://github.com/Sant268/CVE-2022-22851/commit/17381378bdb7c9f7b3326af6fb79cf68ca9f9d3d https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital’s Patient Records Management System 1.0 via the description parameter in room_types. Date published : 2022-01-26 https://github.com/Sant268/CVE-2022-22850/blob/main/CVE-2022-22850.md https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions...
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an...
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are...
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The...