Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-1839: webray.com.cn/HCS_login_email_SQL_injection.md at main · Xor-Gerke/webray.com.cn

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#apache#php#auth#chrome#webkit
CVE-2022-31489: CVEs/Blockchain-AltExchanger-121-sqli.md at main · bigb0x/CVEs

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.

Pwn2Own Vancouver: 15th annual hacking event pays out $1.2m for high-impact security bugs

Tesla, Microsoft, and others targeted in hacking competition that saw Star Labs crowned ‘Masters of Pwn’

Hunting down your data with Whitney Merrill: Lock and Code S03E11

This week on Lock and Code, we speak with Whitney Merrill about why it is so difficult to get your own data from a company. The post Hunting down your data with Whitney Merrill: Lock and Code S03E11 appeared first on Malwarebytes Labs.

Blockchain AltExchanger 1.2.1 SQL Injection

Blockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.

CVE-2022-28874: Security advisories

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

How GDPR Is Failing

The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.

CVE-2022-1752: Unrestricted File Upload and Path Traversal in upload image in trudesk

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-29216: tensorflow/saved_model_cli.py at f3b9bf4c3c0597563b289c0512e98d4ce81f886e · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

By Waqas Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also… This is a post from HackRead.com Read the original post: Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1