Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-22977: VMSA-2022-0015

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

CVE
Open in Source
#vulnerability#windows#dos#vmware
Zoom XMPP Stanza Smuggling Remote Code Execution

This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the ...

CVE-2022-30838: bug_report_CVE/sql.md at main · mikeccltt/bug_report_CVE

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status

CVE-2022-30839: bug_report_CVE/xss.md at main · mikeccltt/bug_report_CVE

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.

CVE-2022-30842: bug_report_CVE/xss.md at main · mikeccltt/bug_report_CVE

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.

CVE-2022-30843: bug_report_CVE/sql.md at main · mikeccltt/bug_report_CVE

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.

CVE-2022-30837: bug_report_CVE/xss.md at main · mikeccltt/bug_report_CVE

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.

CVE-2022-30464: chatbot/xss.md at main · mikeccltt/chatbot

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.

CVE-2022-30462: wbms_bug_report/xss.md at main · mikeccltt/wbms_bug_report

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.

CVE-2022-30463: automotive/sql.md at main · mikeccltt/automotive

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.