Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-38254: Nagios XI Change Log - Nagios

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#microsoft#ubuntu#linux#debian#red_hat#apache#memcached#js#git#java#oracle#php#rce#perl#ldap#ssrf#pdf#acer#auth#ssh#telnet#ibm#zero_day#rpm#mongo#postgres#chrome#firefox#sap#ssl
CVE-2022-3129: Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities/arbitrary_file_upload.md at main · KingBridgeSS/Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities

A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.

CVE-2022-3130: Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities/sql_injection.md at main · KingBridgeSS/Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities

A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability.

WordPress BackupBuddy 8.7.4.1 Arbitrary File Read

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability.

CVE-2022-3152: Security fixes · PHPFusion/PHPFusion@57c96d4

Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.

CVE-2022-37730: webvue/Ftcms CSRF.md at gh-pages · whiex/webvue

In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge.

CVE-2022-37731: webvue2/ftcmsxss.md at gh-pages · whiex/webvue2

ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing.

MagicRAT: Lazarus’ latest gateway into victim networks

By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms. We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently. TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog. Executive Summary Cisco Talos has discovered a new remote access trojan (RAT), which we are calling "MagicRAT," that we are attributing with moderate to high confidence to the Lazarus threat actor, a state-sponsored APT attributed to North Korea by the U.S. Cyber Security & Infrastructure Agency (CISA). This new RAT was found on victims ...

GHSA-jj62-mc3m-j769: FeehiCMS has an arbitrary file upload vulnerability

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code.

CVE-2022-37344

Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.