Total
138 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-02-04 | N/A | 6.5 MEDIUM |
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | |||||
CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | |||||
CVE-2022-2544 | 1 Wpmanageninja | 1 Ninja Job Board | 2024-02-04 | N/A | 7.5 HIGH |
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. | |||||
CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2024-02-04 | N/A | 8.0 HIGH |
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | |||||
CVE-2021-40616 | 1 Thinkcmf | 1 Thinkcmf | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
thinkcmf v5.1.7 has an unauthorized access vulnerability. An attacker can modify the password of the administrator account with id 1 through the background user management group permissions. Exploitation requires the background user management group authority. | |||||
CVE-2021-44582 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. | |||||
CVE-2022-26279 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | |||||
CVE-2022-29238 | 1 Jupyter | 1 Notebook | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds. | |||||
CVE-2022-31485 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. | |||||
CVE-2022-24385 | 1 Smartertools | 1 Smartertrack | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
CVE-2022-1077 | 1 Tem | 4 Flex-1080, Flex-1080 Firmware, Flex-1085 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | |||||
CVE-2022-26653 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | |||||
CVE-2022-31480 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary; loading the firmware to the device ultimately triggers a reboot. | |||||
CVE-2022-31484 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface for legitimate users, potentially requiring them to use the default user DIP switch procedure to regain access. | |||||
CVE-2022-31847 | 1 Wavlink | 2 Wn579x3, Wn579x3 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | |||||
CVE-2022-28799 | 1 Tiktok | 1 Tiktok | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. | |||||
CVE-2022-26777 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | |||||
CVE-2022-26159 | 1 Ametys | 1 Ametys | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. | |||||
CVE-2021-34588 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. | |||||
CVE-2022-28991 | 1 Bdtask | 1 Multi Store Inventory Management System | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. |