kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.
Backdoor.Win32.Redkod.d malware suffers from a hardcoded credential vulnerability.
Webile version 1.0.1 suffers from a directory traversal vulnerability.
MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. Manipulation of the First Name/Last Name argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft
The most important and interesting computer security stories from the last week. The post A week in security (October 10 - 16) appeared first on Malwarebytes Labs.