Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2022-34009: Fossil: Change Log

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.

CVE
Open in Source
#sql#xss#vulnerability#web#mac#windows#linux#cisco#dos#js#git#java#perl#auth#ssh#docker#firefox#sap#ssl
CVE-2021-46830: GoAnywhere MFT Release Notes

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.

CVE-2022-34120: bug_report/RCE-1.md at main · wangsj37/bug_report

Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php.

CVE-2022-34550: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') · Issue #8 · rawchen/sims

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter.

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure

CVE-2022-34594: bug_report/XSS-1.md at master · gitgeniuss/bug_report

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field.

Novel Malware Hijacks Facebook Business Accounts

Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.

CVE-2022-2341: WordPress Simple Page Transition 1.4.1 Cross Site Scripting ≈ Packet Storm

The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-34115: [Bug]任意文件跨目录写入 · Issue #2428 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.