Tag

#sap

CVE-2022-38093: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.

CVE-2022-38144: wpForo Forum

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.

Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

Ransomware review: August 2022

Categories: Threat Intelligence. LockBit remained the dominant ransomware variant in August, as it has all year. At the other end of the scale, REvil's revival in slow motion continued with a single victim listed. The post Ransomware review: August 2022 appeared first on Malwarebytes Labs.

CVE-2022-28220: Apache James

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests.

Trojan-Ransom.Win32.Hive.bv MVID-2022-0636 Code Execution

Trojan-Ransom.Win32.Hive.bv malware suffers from a code execution vulnerability.

Red Hat Security Advisory 2022-6354-01

Red Hat Security Advisory 2022-6354-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a privilege escalation vulnerability.

Some Employees Aren't Just Leaving Companies — They're Defrauding Them

Here are a few measures your organization can implement to minimize fraudulent behavior and losses.

CVE-2022-2935: Vulnerability Advisories - Wordfence

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers; however, if a site admin makes the plugin's features available to lower-privileged users through the 'Who Can Edit?' setting, then this can be exploited by those users.