Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-4089: Reflective XSS vulnerability in Stock Management System · Issue #3 · rickxy/Stock-Management-System

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#php#chrome#webkit#ssl
CVE-2022-41932: Brute Force Attack - XWikiLogin is executing create table statements on PostgreSQL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.

CVE-2021-43258: ChurchInfo open source church database created with PHP & MySQL! - ChurchInfo open source church database created with PHP & MySQL!

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

CVE-2022-44139: bug_report/SQLi-1.md at main · 375978342/bug_report

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.

CVE-2022-43751: Antivirus, VPN, Identity & Privacy Protection | McAfee

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.

CVE-2022-45535: AeroCMS-v0.0.1-SQLi update_categories_sql_injection

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.

CVE-2022-45331: CVE/post_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

CVE-2022-45536: CVE/post_comments_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an

CVE-2022-42989: CVEs/SankhyaERP_XSS_Account_Takeover.txt at main · 0xLUC4S/CVEs

ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada.