Tag

#apple

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 address bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Packet Storm
#vulnerability#web#ios#apple#google#dos#js#auth#zero_day#webkit#wifi
AirTag stalking: What is it, and how can I avoid it?

AirTag stalking is in the news as bills look to close loopholes used by stalkers. What are AirTags, and how can they be used to track people? The post AirTag stalking: What is it, and how can I avoid it? appeared first on Malwarebytes Labs.

iPhones Vulnerable to Attack Even When Turned Off

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

Attackers can Install Malware on iPhone When it is Powered Off – Research

By Deeba Ahmed. The iOS Find My feature has a safety loophole that can lead to infecting the iPhone even if… This is a post from HackRead.com. Read the original post: Attackers can Install Malware on iPhone When it is Powered Off – Research

Researchers Find Way to Run Malware on iPhone Even When It's OFF

A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate

CVE-2022-30778: Laravel 9.1.8 POP chain · Issue #1 · 1nhann/vulns

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php.

CVE-2021-41965: SQL Injection Vulnerability in ChurchCRM (CVE-2021-41965)

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.

CVE-2022-30708: Webmin

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

CVE-2022-30367: bug_report/delet-file-1.md at main · k0xx11/bug_report

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.