Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Unpatched Atlassian Confluence vulnerability is actively exploited

A vulnerability in Atlassian Confluence was found by performing an incident response investigation on a compromised server. The vulnerability is not yet patched. The post Unpatched Atlassian Confluence vulnerability is actively exploited appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#web#linux#js#java#php#rce#auth#zero_day
Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was documented in

CVE-2022-32250: security - Linux Kernel use-after-free write in netfilter

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

CVE-2022-29718: caddyhttp: Fix `MatchPath` sanitizing by francislavoie · Pull Request #4499 · caddyserver/caddy

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

CVE-2022-32019: bug_report/RCE-1.md at main · k0xx11/bug_report

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.

CVE-2022-1979: webray.com.cn/'Message' Stored Cross-Site Scripting(XSS).md at main · Xor-Gerke/webray.com.cn

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public.

CVE-2022-32028: bug_report/SQLi-8.md at main · k0xx11/bug_report

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.

CVE-2022-32027: bug_report/SQLi-7.md at main · k0xx11/bug_report

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.

CVE-2022-32026: bug_report/SQLi-5.md at main · k0xx11/bug_report

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.

CVE-2022-32021: bug_report/SQLi-3.md at main · k0xx11/bug_report

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.