Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-30372: bug_report/SQLi-2.md at main · k0xx11/bug_report

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.

CVE
Open in Source
#sql#vulnerability#windows#js#java#php#firefox
CVE-2022-30371: bug_report/SQLi-3.md at main · k0xx11/bug_report

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.

CVE-2022-23742: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

CVE-2022-23742: 2022-23742 - Local Privileges Escalation in Check Point Endpoint Security Client's EFRService

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

CVE-2021-27500: GitHub - EIPStackGroup/OpENer: OpENer is an EtherNet/IP stack for I/O adapter devices. It supports multiple I/O and explicit connections and includes objects and services for making EtherNet/IP-compli

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.

CVE-2021-27500: GitHub - EIPStackGroup/OpENer: OpENer is an EtherNet/IP stack for I/O adapter devices. It supports multiple I/O and explicit connections and includes objects and services for making EtherNet/IP-compli

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.

CVE-2022-28819: Adobe Security Bulletin

Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.

Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late?

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2021-40399: TALOS-2021-1412 || Cisco Talos Intelligence Group

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

CVE-2021-40399: TALOS-2021-1412 || Cisco Talos Intelligence Group

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.