Security Vulnerabilities - CVEs Published In October 2022
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2022-10-31
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVSS Score
9.8
EPSS Score
0.049
Published
2022-10-31
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.
CVSS Score
7.5
EPSS Score
0.885
Published
2022-10-31
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-31
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-31
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-10-31
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVSS Score
6.5
EPSS Score
0.001
Published
2022-10-31
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS Score
8.2
EPSS Score
0.005
Published
2022-10-31
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS Score
7.3
EPSS Score
0.346
Published
2022-10-31
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-10-31