Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-2577: vul/Garage Management System(SQLI).md at main · ch0ing/vul

A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE
Open in Source
#sql#vulnerability#web#windows#apache#php#auth
The ransomware landscape changes as fewer victims decide to pay

Categories: Ransomware Tags: extortion Tags: law enforcement Tags: legislation Tags: raas Tags: ransomware A considerable drop in the median of ransom payments and several other circumstances are causing the ransomware landscape to change. (Read more...) The post The ransomware landscape changes as fewer victims decide to pay appeared first on Malwarebytes Labs.

Red Hat Security Advisory 2022-5753-01

Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Geonetwork 4.2.0 XML Injection

Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.

Crime Reporting System 1.0 Cross Site Scripting

Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.

WordPress WP-UserOnline 2.87.6 Cross Site Scripting

WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.

Telegram and Discord Bots Delivering Infostealing Malware

By Deeba Ahmed Intel471 researchers have warned users about how cybercriminals are converting popular apps against them. A new report from… This is a post from HackRead.com Read the original post: Telegram and Discord Bots Delivering Infostealing Malware

CVE-2022-34557: bug_report/SQLi-1.md at main · AD-Appledog/bug_report

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.

CVE-2022-34580: bug_report/XSS-1.md at main · wencongzhao/bug_report

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.

CVE-2021-41556: Squirrel - The Programming Language

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.