CVE-2022-30997 CWE-798 Reference url : https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01 Reference name : https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01 Reference source : MISC Reference tags : Mitigation Reference lang : en Reference description : Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
CVE-2017-20106 CWE-918 Reference url : https://www.vulnerability-lab.com/get_content.php?id=2030 Reference name : N/A Reference source : N/A Reference tags : Exploit Reference lang : en Reference description : A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2022-33043 CWE-79 Reference url : https://github.com/chen-jerry-php/vim/blob/main/core_tmp.md Reference name : https://github.com/chen-jerry-php/vim/blob/main/core_tmp.md Reference source : MISC Reference tags : Exploit Reference lang : en Reference description : A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted Excel file.
CVE-2022-32532 CWE-863 Reference url : https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh Reference name : https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh Reference source : MISC Reference tags : Mailing List Reference lang : en Reference description : Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVE-2022-31887 CWE-522 Reference url : https://marvalglobal.com/ Reference name : https://marvalglobal.com/ Reference source : MISC Reference tags : Product Reference lang : en Reference description : Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization; this means that the user can also achieve Privilege Escalation by changing the administrator password.