Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-37238: SecurityGateway for Email Servers Release Notes

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.

CVE
Open in Source
#sql#xss#vulnerability#web#mac#windows#microsoft#git#intel#ldap#pdf#auth#ssl
Red Hat Security Advisory 2022-6158-01

Red Hat Security Advisory 2022-6158-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

CVE-2022-2957

A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.

CVE-2022-32427: Security Bulletin | Printerlogic

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.

RHSA-2022:6158: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31625: php: uninitialized array in pg_query_params() leading to RCE

CVE-2022-37178: 72crm v9 has sql injection vulnerability · Issue #34 · 72wukong/72crm-9.0-PHP

An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar.

CVE-2022-36633: GitHub - gravitational/teleport: The easiest, most secure way to access infrastructure.

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.

5 Keys To Successful Least Privilege Policy Implementation

By Waqas This article discusses essential keys to successfully implementing the least privilege policy. This is a post from HackRead.com Read the original post: 5 Keys To Successful Least Privilege Policy Implementation

GHSA-5rf4-f24c-hpvh: SQL injection in jflyfox jfinal

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

GHSA-wv39-f3vx-3v6q: SQL injection in jflyfox jfinal

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.