TechMedia
Category: CRITICAL (104 Posts)

Featured

Posted by Wpmaster
[vm2] vm2 vulnerable to sandbox escape
Posted by Wpmaster
[go.etcd.io/etcd/v3] Etcd-io Improper Authentication vulnerability
Posted by Wpmaster
[github.com/sjqzhang/go-fastdfs] sjqzhang go-fastdfs vulnerable to path traversal
Posted by Wpmaster
[knplabs/knp-snappy] PHAR deserialization allowing remote code execution

[ttskch/pagination-service-provider] PaginationServiceProvider SQL Injection vulnerability

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/08/2023 / 01/13/2023

A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql i…

[github.com/square/squalor] Squalor SQL Injection vulnerability

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/08/2023 / 01/13/2023

A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc34471104…

[github.com/elgs/gosqljson] gosqljson SQL Injection vulnerability

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/08/2023 / 01/13/2023

A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The …

[kelvinmo/simplexrd] kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/08/2023 / 01/13/2023

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1….

[com.anrisoftware.globalpom:globalpomutils] globalpom-utils has Insecure Temporary File

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/07/2023 / 01/13/2023

A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/…

[himiklab/yii2-jqgrid-widget] himiklab yii2-jqgrid-widget vulnerable to SQL Injection

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/07/2023 / 01/13/2023

A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading…
[github.com/KubeOperator/kubepi] KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/07/2023 / 01/07/2023

Summary
The jwt authentication function of kubepi <= v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any onlin…

[org.xwiki.contrib:application-ckeditor-ui] XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/07/2023 / 01/11/2023

Impact
The CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET requ…

[dbrisinajumi/d2files] DBRisinajumi d2files SQL Injection vulnerability

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 01/07/2023 / 01/13/2023

A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Up…