Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-28530: Covid-19 Directory On Vaccination System 1.0 SQL Injection ≈ Packet Storm

Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory.

CVE
Open in Source
#sql#web#linux#apache#js#php#backdoor#rce#nginx#auth#firefox
CVE-2022-27634

On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Google fixes two critical Pixel vulnerabilities: Get your updates when you can!

Google has released updates for Android and its Pixel phone. We discuss the three vulnerabilities that were classified as critical. The post Google fixes two critical Pixel vulnerabilities: Get your updates when you can! appeared first on Malwarebytes Labs.

CVE-2021-41739: Artica Proxy 4.30 cyrus.events.php RCE - rootless - Medium

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of

CVE-2022-20753: Cisco Security Advisory: Cisco Small Business RV Series Routers Remote Code Execution Vulnerability

A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.