Tag

#chrome

T-Soft E-Commerce 4 SQL Injection

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

Packet Storm
CVE-2022-24108: Responsive OpenCart 3.0.x & OpenCart 2.x Module - So Listing Tabs

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

Long lost @ symbol gets new life obscuring malicious URLs

A little-used feature of web addresses is being used to obfuscate malicious phishing URLs. The post Long lost @ symbol gets new life obscuring malicious URLs appeared first on Malwarebytes Labs.

Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free

A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process.

CVE-2022-29587: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.

CVE-2021-41965: SQL Injection Vulnerability in ChurchCRM (CVE-2021-41965)

A SQL injection vulnerability exists in ChurchCRM versions 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action is performed on an existing record.

CVE-2022-30367: bug_report/delet-file-1.md at main · k0xx11/bug_report

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.

CVE-2022-30370: bug_report/SQLi-1.md at main · k0xx11/bug_report

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.