#windows

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.

In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticated software apps taking over different jobs along the attack-chain from initial compromise to

An in-depth look at the attack chain used by an unknown APT group that has launched four campaigns against Russian targets since February. The post Unknown APT group has targeted Russia repeatedly since Ukraine invasion appeared first on Malwarebytes Labs.

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239088 CVSS redefinitions A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this was the case with CVE-2022-1364 Type Confusion in […]

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.