Security

Tag

#sql

CVE-2022-26633: Offensive Security’s Exploit Database Archive

Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.

CVE-2022-30886: School Dormitory Management System 1.0 SQL Injection ≈ Packet Storm

School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.

CVE-2022-30518

ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php.

CVE-2022-28105

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.

New Open Source Project Brings Consistent Identity Access to Multicloud

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.

Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware

CVE-2022-28962: Online Sports Complex Booking System 1.0 SQL Injection ≈ Packet Storm

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.

CVE-2022-28961

Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.

CVE-2022-29652: Online Sports Complex Booking System 1.0 Cross Site Scripting ≈ Packet Storm

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.

CVE-2022-29304: Exploit-/Online Sports Complex Booking System 1.0 SQL Injection(三).md at main · playZG/Exploit-

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_Facility.