CVE-2022-25394
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. Devamını Oku Kaynak: NIST
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. Devamını Oku Kaynak: NIST
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. Devamını Oku Kaynak: NIST
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. Devamını Oku Kaynak: NIST
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. Devamını Oku Kaynak: NIST
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Devamını Oku Kaynak: NIST
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. Devamını Oku Kaynak: NIST
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. Devamını Oku Kaynak: NIST
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. Devamını Oku Kaynak: NIST
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability…
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called ‘association groups’. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended,…
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…