CVE-2022-25625
A malicious unauthorized PAM user can access the administration configuration data and change the values. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Devamını oku
CVE-2022-25617
Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
CVE-2022-2561
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XML files in Connectivity Explorer. The issue results…
CVE-2022-2560
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.…
CVE-2022-2559
The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
CVE-2022-2556
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example Zafiyet ile…
CVE-2022-2554
The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…
CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak:…
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. Devamını Oku Kaynak: NIST
CVE-2022-2547
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
CVE-2022-2546
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session.…
CVE-2022-2543
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database