Monthly Archive: May 2022

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in...

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a...

A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. Date published : 2022-05-20...

A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. Date published : 2022-05-20...

A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. Date published : 2022-05-20...

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. Date published : 2022-05-20 https://github.com/zongdeiqianxing/rengine/issues/1

Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. Date published : 2022-05-20 https://packetstormsecurity.com/files/166591/Multi-Store-Inventory-Management-System-1.0-Account-Takeover.html

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Date published : 2022-05-20 https://packetstormsecurity.com/files/166587/Online-Banquet-Booking-System-1.0-Cross-Site-Request-Forgery.html

Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. Date published : 2022-05-20 https://packetstormsecurity.com/files/166590/Multi-Store-Inventory-Management-System-1.0-Information-Disclosure.html

WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. Date published : 2022-05-20 https://github.com/wasm3/wasm3/issues/323 https://github.com/wasm3/wasm3/pull/324

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to...

Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. Date published : 2022-05-20 https://packetstormsecurity.com/files/166481/Covid-19-Directory-On-Vaccination-System-1.0-SQL-Injection.html https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. Date published : 2022-05-20 https://cxsecurity.com/issue/WLB-2022030104