Tag

#apple

CVE-2022-27427: Security issues - Chamilo LMS

A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin.

Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans

Chemical companies are the latest to be targeted by the well-known North Korean group, which has targeted financial firms, security researchers, and technology companies in the past.

CVE-2022-27368: SQL injection vulnerability exists in Cscms music portal system v4.2 · Issue #15 · chshcms/cscms

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.

CVE-2022-27367: SQL injection vulnerability exists in Cscms music portal system v4.2(dance_Topic.php_del) · Issue #14 · chshcms/cscms

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.

CVE-2022-27365: SQL injection vulnerability exists in Cscms music portal system v4.2 · Issue #12 · chshcms/cscms

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.

CVE-2022-27366: SQL injection vulnerability exists in Cscms music portal system v4.2 · Issue #13 · chshcms/cscms

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.

CVE-2022-27369: SQL injection vulnerability exists in Cscms music portal system v4.2(news_News.php_hy) · Issue #16 · chshcms/cscms

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.

CVE-2022-28345: security/SICK-2022-42.md at master · sickcodes/security

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO-encoded URLs beginning with a non-breaking space when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate-looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.

CVE-2022-28397: Ghost Customers – A showcase of real sites built with Ghost

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.