CyberSecurityBoard
Sponsor Register Login

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)

Publication date: Mon, 25 Apr 2022 21:16:00 +0000


Cyber News related to CVE-2022-0656

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE - The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports. The issues, tracked as CVE-2022-22274 and ...
1 year ago Securityweek.com CVE-2022-22274 CVE-2023-0656
CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
1 year ago Darkreading.com CVE-2022-22274 CVE-2023-0656
178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
1 year ago Go.theregister.com CVE-2022-22274 CVE-2023-0656
Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks - A significant security concern has been raised for organizations using SonicWall next-generation firewalls. Tell me more about the SonicWall firewall vulnerability. Security experts have identified that over 178,000 SonicWall firewalls with their ...
1 year ago Securityboulevard.com CVE-2022-22274 CVE-2023-0656
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
1 year ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656
Weekly VulnRecap - The past week and the long weekend have had plenty of vulnerabilities to keep your IT and security teams busy. Keep an eye out for security announcements from your firewall vendors; it's possible additional similar vulnerabilities will come to light. ...
1 year ago Esecurityplanet.com CVE-2023-29357 CVE-2022-22274 CVE-2023-0656
CVE-2022-0656 - The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents ...
3 years ago
CVE-1999-0656 - The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and ...
8 years ago
CVE-2006-0656 - Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. ...
14 years ago
CVE-2016-0654 - Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. ...
9 years ago
CVE-2016-0656 - Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. ...
9 years ago
CVE-2011-0656 - Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint ...
7 years ago
CVE-2008-0656 - Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute. ...
7 years ago
CVE-2018-0656 - Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. ...
7 years ago
CVE-2020-0656 - A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting ...
5 years ago
CVE-2019-0656 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. ...
5 years ago
CVE-2023-0656 - A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. ...
2 years ago
CVE-2021-0656 - In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ...
4 years ago
CVE-2000-0656 - Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the FTP protocol. ...
17 years ago
CVE-2002-0656 - Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. ...
17 years ago
CVE-2013-0656 - Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. ...
12 years ago
CVE-2015-0656 - Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. ...
10 years ago
CVE-2003-0656 - eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile. ...
9 years ago
CVE-2005-0656 - Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. ...
9 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)