
Tag

#windows

Blockchain FiatExchanger 2.2.1 SQL Injection

Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability.

Packet Storm
Blockchain AltExchanger 1.2.1 SQL Injection

Blockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.

CVE-2022-1816: webray.com.cn/Zoo-Management-System(XSS).md at main · Xor-Gerke/webray.com.cn

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to authenticated cross-site scripting. Exploit details have been disclosed to the public.

CVE-2022-28874: Security advisories

Multiple denial-of-service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files causes memory corruption and a heap buffer overflow, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker.

Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers

NVIDIA recently released patches to address multiple flaws in Windows. Four of them were rated high in severity. This post first appeared on Malwarebytes Labs.

5 Casual Games You Can Play on Your Mobile Browser Now

By Owais Sultan. Online gaming has always been the buddy of leisure time because it allows us to bring some enjoyment… This is a post from HackRead.com.

CVE-2022-31268: Vuls/gitblit V1.9.3 path traversal.md at main · metaStor/Vuls

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

CVE-2022-1752: Unrestricted File Upload and Path Traversal in upload image in trudesk

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-29209: tensorflow/logging.h at f3b9bf4c3c0597563b289c0512e98d4ce81f886e · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVE-2022-29434: Spiffy Calendar

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.