Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-29687: SQL injection vulnerability exists in Cscms music portal system v4.2 (Discovered by 星海Lab) · Issue #30 · chshcms/cscms

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#js#java#php#ssh#chrome#webkit
ChromeLoader targets Chrome Browser users with malicious ISO files

ChromeLoader is working its way into Chrome browsers via ISO images claiming to offer cracked games. What are the dangers? The post ChromeLoader targets Chrome Browser users with malicious ISO files appeared first on Malwarebytes Labs.

Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers

A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru said in a new report published Wednesday. "The technical entry bar for the

CVE-2022-29380: Offensive Security’s Exploit Database Archive

Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.

CVE-2022-29651: Online Food Ordering System Unrestricted File Upload + Remote Code Execution - HackMD

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-29650: Online Food Ordering System Unauthenticated Sql Injection - HackMD

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.

Update now! Multiple vulnerabilities patched in Google Chrome

Google has issued an update for the Chrome browser to patch 32 security issues . One of the vulnerabilities is rated as critical, so install that update as soon as you can. The post Update now! Multiple vulnerabilities patched in Google Chrome appeared first on Malwarebytes Labs.

Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

A spyware vendor called Cytrox was found to be using several zero-day vulnerabilities in Google's Chrome browser and the Android kernel component. The post Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware appeared first on Malwarebytes Labs.