Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2022-46118: bug_report/SQLi-2.md at main · HMHYHM/bug_report

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.

CVE
#sql#vulnerability#windows#php#auth#firefox
CVE-2022-46124: bug_report/SQLi-9.md at main · HMHYHM/bug_report

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.

CVE-2022-46120: bug_report/SQLi-4.md at main · HMHYHM/bug_report

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.

CVE-2022-46121: bug_report/SQLi-5.md at main · HMHYHM/bug_report

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.

Red Hat Security Advisory 2022-8980-01

Red Hat Security Advisory 2022-8980-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-8979-01

Red Hat Security Advisory 2022-8979-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

Shoplazza 1.1 Cross Site Scripting

Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.

Update now! Two zero-days fixed in 2022's last patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers