CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
2023-02-15
N/A
7.2 HIGH
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
2023-02-10
N/A
9.8 CRITICAL
A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175.
Animated_smiley_generator, Archive_tar, Ar_memberscript, Blog_cms, Bloq, Com_extensions, Comoblog, Directory_listing_script, Dirlist, Easymoblog
2023-02-24
N/A
7.5 HIGH
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
2023-02-22
N/A
6.5 MEDIUM
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability.
Ac1200, Ac1200_firmware, Ac1200_re018, Ac1200_re018_firmware, Re057, Re057_firmware, Re170, Re170_firmware
2023-02-10
N/A
7.5 HIGH
A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.
Sma_100_firmware, Sma_100, Sonicos_sslvpn_nacagent, 6200, 6200_firmware, 6210, 6210_firmware, 6bk1602-0aa12-0tp0, 6bk1602-0aa12-0tp0_firmware, 6bk1602-0aa22-0tp0
2023-02-22
N/A
5.3 MEDIUM
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability.
A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability.