Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-45990: CVE-nu11secur1ty/vendors/winston-dsouza/ecommerce-website at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.

CVE
Open in Source
#sql#xss#vulnerability#web#windows#apple#google#ddos#java#php#botnet#chrome#webkit
CVE-2022-45769: CVE-nu11secur1ty/vendors/clicshopping.org/2022/ClicShopping_V3 at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.

CVE-2022-46464: CVE-nu11secur1ty/vendors/concretecms.org/2022/concretecms-9.1.3 at main · nu11secur1ty/CVE-nu11secur1ty

ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".

Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25

Categories: Podcast This week on Lock and Code, we explore why security advisories—which businesses rely on to inform them about security patches—are falling short of their intended goals. (Read more...) The post Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25 appeared first on Malwarebytes Labs.

North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents,"

CVE-2022-4280: Vulnerability/Information leakage vulnerability exists in findUser, a smart campus system developed by Dot Tech.md at main · Peanut886/Vulnerability

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.

Newsroom Sues NSO Group for Pegasus Spyware Compromise

Journalists in El Salvador haul NSO Group to US court for illegal surveillance that ultimately compromised their safety.

CVE-2022-45656: CVE-vulns/fromSetSysTime.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

CVE-2022-45657: CVE-vulns/fromSetIpMacBind.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

CVE-2022-45647: CVE-vulns/formSetClientState_limitSpeed.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.