Monthly Archive: May 2022

In SpringBootMovie

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. Date published : 2022-05-03 https://github.com/fusionpbx/fusionpbx/commit/4e260b170e17705c4c9ccf787be7711b63a40868

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. Date published : 2022-05-03 https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448 https://github.com/libsdl-org/SDL_ttf/issues/187

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. Date published : 2022-05-03 https://github.com/wuzhicms/wuzhicms/issues/200

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. Date published : 2022-05-03 https://github.com/kishan0725/Hospital-Management-System/issues/19

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. Date published : 2022-05-03 https://github.com/HH1F/Hospital-Management-System-V1.0-SQLi

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. Date published :...

An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. Date published : 2022-05-03 https://github.com/go-gitea/gitea/pull/19072

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the...

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. Date published : 2022-05-03 https://www.ibm.com/support/pages/node/6579139 https://exchange.xforce.ibmcloud.com/vulnerabilities/221012

In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...