#apple

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more. Slowly, they’re having to add “IT admin” to their list of roles.  Educational institutions have increasingly become a target for ransomware attacks, an issue already highlighted this year by a major cyber attack on the combined Los Angeles school district in California that schools are still recovering from.  Teachers there reported that during the week of the attack, they couldn’t enter attendance, lost lesson plans and presentations, and had to scrap homework plans. Technology has become ever-present in classrooms, so any minimal disruption in a school’s network or software can throw pretty much everything off.  The last thing teachers need to worry about now is defending against a well-funded threat act...

JFinal CMS 5.1.0 is vulnerable to SQL Injection.

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection

Researcher uncovers RCE and undocumented backdoor risks

Categories: Apple Categories: News iOS 16 has landed and it comes with a lot of features to strengthen a user's account security and privacy. We've taken a look. (Read more...) The post Here are the new security and privacy features of iOS 16 appeared first on Malwarebytes Labs.

TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.

Categories: News Tags: CVE-2022-37969 Tags: CVE-2022-23960 Tags: CVE-2022-35805 Tags: CVE-2022-34700 Tags: CVE-2022-34718 Tags: CVE-2022-34721 Tags: CVE-2022-34722 Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Cisco Tags: Google Tags: Samsung Tags: SAP Tags: VMWare The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks (Read more...) The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.