Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2022-24830

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade.

CVE
Open in Source
#vulnerability#java#rce
Threat Roundup for May 6 to May 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 6 and May 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Red Hat Security Advisory 2022-2236-01

Red Hat Security Advisory 2022-2236-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

COOPER: Testing The Binding Code Of Scripting Languages With Cooperative Mutation

Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.

CVE-2022-30395: bug_report/SQLi-7.md at main · k0xx11/bug_report

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.

CVE-2022-30392: bug_report/SQLi-6.md at main · k0xx11/bug_report

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.

CVE-2022-30413: bug_report/SQLi-1.md at main · k0xx11/bug_report

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application.

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

CVE-2022-30367: bug_report/delet-file-1.md at main · k0xx11/bug_report

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.

CVE-2022-30370: bug_report/SQLi-1.md at main · k0xx11/bug_report

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.