
Tag

#firefox

CVE-2022-40935: Bug_report/SQLi-2.md at main · lime-10010/Bug_report

Online Pet Shop Web App v1.0 is vulnerable to SQL Injection via the id parameter at /pet_shop/classes/Master.php?f=delete_category.

CVE-2022-40932: Bug_report/RCE-1.md at main · lime-10010/Bug_report

In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.

Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities

Categories: Exploits and vulnerabilities, News. Tags: CVE-2022-40959, CVE-2022-40960, CVE-2022-40962, CVE-2022-3033, Mozilla, Firefox, Thunderbird.

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird which could be exploited to take control of a system. The post "Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities" appeared first on Malwarebytes Labs.

Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass

Buffalo TeraStation Network Attached Storage (NAS) version 1.66 suffers from an authentication bypass vulnerability.

CVE-2022-38545: An XSS bug that can execute code (a user maliciously modifying a comment's UA can trigger XSS code execution) · Issue #400 · xCss/Valine

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

CVE-2022-38509: bug_report/SQLi-1.md at main · ptanly/bug_report

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.

CVE-2022-38576: bug_report/SQLi-1.md at main · gith-boot/bug_report

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=.

VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload

VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.