Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-42098: Release Development Release · msaad1999/KLiK-SocialMediaWebsite

KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.

CVE
Open in Source
#sql#web#windows#php
CVE-2022-40842: cve-s/poc.txt at main · daaaalllii/cve-s

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.

CVE-2022-41945: RCE Vulnerability in URL input

super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.

GHSA-vqp6-rc3h-83cp: Tailscale Windows daemon is vulnerable to RCE via CSRF

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. **Affected platforms:** Windows **Patched Tailscale client versions:** v1.32.3 or later, v1.33.257 or later (unstable) ### What happened? In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. ### Who is affected? All Windows clients prior to version v.1.32.3 are affected. ### What should I do? If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. ### What is the impact? An attacker-controlled coo...

CVE-2022-30258: DnsServer/CHANGELOG.md at master · TechnitiumSoftware/DnsServer

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

CVE-2022-43143: BUG: Beekeeper Remote Code Execution via XSS · Issue #1393 · beekeeper-studio/beekeeper-studio

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.

Researchers Reveal Details of New Threats: AXLocker, Octocrypt and Alice Ransomware

By Deeba Ahmed AXLocker ransomware is now known as a threat that targets Discord users. This is a post from HackRead.com Read the original post: Researchers Reveal Details of New Threats: AXLocker, Octocrypt and Alice Ransomware

CVE-2022-44175: IoT_vuln/readme.md at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.