Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2022-32375: bug_report/SQLi-6.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=.

CVE
Open in Source
#sql#vulnerability#windows#php#firefox
CVE-2022-24127: REDCap Change Log - Eastern Virginia Medical School (EVMS), Norfolk, Hampton Roads

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.

CVE-2022-33140: Apache NiFi Security Reports

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.

Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser”

Mozilla has launched its Total Cookie Protection addition to Firefox for users worldwide. What does it do? The post Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser” appeared first on Malwarebytes Labs.

Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. <!-

CVE-2022-32363: bug_report/SQLi-8.md at main · k0xx11/bug_report

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=.

CVE-2022-32362: bug_report/SQLi-9.md at main · k0xx11/bug_report

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=.

CVE-2022-32359: bug_report/SQLi-3.md at main · k0xx11/bug_report

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.

CVE-2022-32358: bug_report/SQLi-5.md at main · k0xx11/bug_report

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry.

CVE-2022-32355: bug_report/SQLi-6.md at main · k0xx11/bug_report

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=.