What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-13 08:15:10 | CVE-2023-1365 (lien direct) | A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222872. | Vulnerability Guideline | ||
|
2023-03-13 08:15:09 | CVE-2023-1364 (lien direct) | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222871. | Vulnerability Guideline | ||
|
2023-03-13 06:15:17 | CVE-2023-1363 (lien direct) | A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-03-12 15:15:28 | CVE-2016-15028 (lien direct) | A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847. | Vulnerability Guideline | ||
|
2023-03-12 09:15:10 | CVE-2023-1360 (lien direct) | A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863. | Vulnerability Guideline | ||
|
2023-03-12 08:15:10 | CVE-2023-1358 (lien direct) | A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability. | Guideline | ||
|
2023-03-12 08:15:10 | CVE-2023-1359 (lien direct) | A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-12 08:15:09 | CVE-2023-1357 (lien direct) | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860. | Vulnerability Guideline | ||
|
2023-03-11 21:15:09 | CVE-2013-10021 (lien direct) | A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. | Vulnerability Guideline | ||
|
2023-03-11 18:15:43 | CVE-2023-1353 (lien direct) | A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. | Vulnerability Guideline | ||
|
2023-03-11 18:15:43 | CVE-2023-1354 (lien direct) | A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-11 18:15:43 | CVE-2023-1352 (lien direct) | A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851. | Vulnerability Guideline | ||
|
2023-03-11 12:15:16 | CVE-2023-1351 (lien direct) | A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-11 09:15:10 | CVE-2023-1350 (lien direct) | A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. | Vulnerability Guideline | ||
|
2023-03-11 09:15:09 | CVE-2023-1349 (lien direct) | A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-03-10 22:15:10 | CVE-2023-27532 (lien direct) | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | Vulnerability Guideline | ||
|
2023-03-10 21:15:15 | CVE-2023-25146 (lien direct) | A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Vulnerability Guideline Prediction | ||
|
2023-03-10 21:15:14 | CVE-2022-47479 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:14 | CVE-2022-47483 (lien direct) | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:14 | CVE-2022-47484 (lien direct) | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:14 | CVE-2022-47481 (lien direct) | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:14 | CVE-2022-47478 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:14 | CVE-2022-47480 (lien direct) | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:14 | CVE-2022-47482 (lien direct) | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47472 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47461 (lien direct) | In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47473 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47460 (lien direct) | In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47477 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47458 (lien direct) | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47455 (lien direct) | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47474 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47459 (lien direct) | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47476 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47453 (lien direct) | In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47456 (lien direct) | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47462 (lien direct) | In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47454 (lien direct) | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47471 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47475 (lien direct) | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | Guideline | ||
|
2023-03-10 21:15:13 | CVE-2022-47457 (lien direct) | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | Guideline | ||
|
2023-03-10 17:15:09 | CVE-2023-1328 (lien direct) | A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
 |
2023-03-10 17:02:50 | Blackbaud Fined $3M For \'Misleading Disclosures\' About 2020 Ransomware Attack (lien direct) | >Blackbaud has been slapped with a $3 million civil penalty by the SEC for "making misleading disclosures" about a 2020 ransomware attack that impacted more than 13,000 customers. | Ransomware Guideline | ★★ | |
|
2023-03-10 16:15:11 | CVE-2023-1321 (lien direct) | A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727. | Vulnerability Guideline | ||
|
2023-03-10 16:15:11 | CVE-2023-1322 (lien direct) | A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728. | Vulnerability Guideline | ||
|
2023-03-10 16:15:10 | CVE-2023-0746 (lien direct) | The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting. | Guideline | ||
 |
2023-03-10 12:48:07 | Security researchers targeted with new malware via job offers on LinkedIn (lien direct) | A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. [...] | Malware Guideline | ★★★ | |
|
2023-03-10 08:15:10 | CVE-2023-1311 (lien direct) | A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699. | Vulnerability Guideline | ||
|
2023-03-10 08:15:10 | CVE-2023-1310 (lien direct) | A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-03-10 08:15:10 | CVE-2023-1309 (lien direct) | A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The manipulation of the argument input leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222697 was assigned to this vulnerability. | Vulnerability Guideline |
To see everything:
Our RSS (filtrered)
