‼ CVE-2022-28424 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27478 ‼
📖 Read
via "National Vulnerability Database".
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28425 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28010 ‼
📖 Read
via "National Vulnerability Database".
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtime_delete.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28438 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28429 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28440 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28432 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28028 ‼
📖 Read
via "National Vulnerability Database".
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28422 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.📖 Read
via "National Vulnerability Database".
🕴 Zero-Day Exploit Use Exploded in 2021 🕴
📖 Read
via "Dark Reading".
Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.📖 Read
via "Dark Reading".
Dark Reading
Zero-Day Exploit Use Exploded in 2021
Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.
‼ CVE-2022-29577 ‼
📖 Read
via "National Vulnerability Database".
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28366 ‼
📖 Read
via "National Vulnerability Database".
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24939.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29280 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28366. Reason: This candidate is a reservation duplicate of CVE-2022-28366. Notes: All CVE users should reference CVE-2022-28366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28367 ‼
📖 Read
via "National Vulnerability Database".
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1429 ‼
📖 Read
via "National Vulnerability Database".
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26672 ‼
📖 Read
via "National Vulnerability Database".
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26673 ‼
📖 Read
via "National Vulnerability Database".
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26674 ‼
📖 Read
via "National Vulnerability Database".
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.📖 Read
via "National Vulnerability Database".
❌ Skeletons in the Closet: Security 101 Takes a Backseat to 0-days ❌
📖 Read
via "Threat Post".
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.📖 Read
via "Threat Post".
Threat Post
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.
👍1
❌ Zero-Trust For All: A Practical Guide ❌
📖 Read
via "Threat Post".
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures.📖 Read
via "Threat Post".
Threat Post
Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures.