CVE-2022-1361 CVSS:0.0
The affected On-Premise cnMaestro is vulnerable to pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users' accounts and devices. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-1359 CVSS:0.0
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplies path traversal characters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file on the server. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-1358 CVSS:0.0
The affected On-Premise cnMaestro is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-30054 CVSS:0.0
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-30053 CVSS:0.0
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-30052 CVSS:0.0
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-29436 CVSS:0.0
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-29435 CVSS:0.0
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-24391 CVSS:0.0
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. (Last Update:2022-05-17) (Publish Update:2022-05-17)
CVE-2022-23706 CVSS:0.0
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. (Last Update:2022-05-17) (Publish Update:2022-05-17)
This vulnerability list widget is provided by www.cvedetails.com