Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Home Clean Service System 1.0 SQL Injection

Home Clean Service System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#git#php#auth#webkit#sap
Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new,

CVE-2022-24891: esapi-java-legacy/esapi4java-core-2.3.0.0-release-notes.txt at develop · ESAPI/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation

Miele Benchmark Programming Tool versions 1.1.49 and 1.2.71 suffer from a privilege escalation vulnerability.

Red Hat Security Advisory 2022-1619-01

Red Hat Security Advisory 2022-1619-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a denial of service vulnerability.

Russia Is Being Hacked at an Unprecedented Scale

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

When Security Meets Development: The DevSecOps Conundrum

The DevSecOps journey is well worth undertaking because it can improve communication, speed up development, and ensure quality products.

CVE-2021-45841: How to summon RCEs

In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest.

CVE-2022-29582: security - Linux: UaF due to concurrency issue in io_uring timeouts

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.

LinkedIn Brand Now the Most Abused in Phishing Attempts

New research shows threat actors increasingly leveraging social networks for attacks, with LinkedIn being used in 52% of global phishing attacks.