Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2022-45968: Upload files to the directory with password Vulnerability(bypass) · Issue #2444 · alist-org/alist

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

CVE
#vulnerability#mac#js#git#intel#auth#firefox
Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

By Deeba Ahmed At the moment, Zombinder is focusing entirely on Android apps but the service operators are offering Windows apps binding services. This is a post from HackRead.com Read the original post: Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

Threat Round up for December 2 to December 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 2 and Dec. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2022-44838: bug_report/SQLi-1.md at main · GkaMei/bug_report

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

By Habiba Rashid Here is everything you need to know about the first two days at the Pwn2Own hacking contest. This is a post from HackRead.com Read the original post: Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

CVE-2022-44931: IOT_Vul/readme.md at main · z1r00/IOT_Vul

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

Don’t Sell Your Laptop Without Following These Steps

By Owais Sultan Before selling or trading in your laptop, it is important to prepare the device for its new owner as this will help ensure all of your personal data remains safe. This is a post from HackRead.com Read the original post: Don’t Sell Your Laptop Without Following These Steps

CVE-2022-23491: concerns about Trustcor

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

CVE-2022-44393: vul_report/SQLi-1.md at main · Serces-X/vul_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.