Security Headlines

Tag: #sql

CVE-2022-29633: GitHub - awake1t/linglong: An asset patrol-scanning system for in-house (asset-owner) security teams. It is designed to discover assets and run port-level password brute-forcing, helping enterprises find weak-password problems faster. Main features include: asset discovery, port brute-forcing, scheduled tasks, admin-backend identification, and report display.

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.

RHSA-2022:4712: Red Hat Security Advisory: RHV Engine and Host Common Packages security update

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

CVE-2022-30495: OpenSource/exploit_idor_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR (Broken Access Control), allowing attackers to change the admin password (vertical privilege escalation).

CVE-2022-30516: GitHub - Danie1233/Hospital-Management-System-V1.0-SQLi

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.

CVE-2022-30493: OpenSource/exploit_sql_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL injection vulnerability, allowing remote attackers to dump all database credentials and gain admin access (privilege escalation).

CVE-2022-30494: OpenSource/exploit_xss_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.

LinkedIn bug bounty program goes public with rewards of up to $18k

Social media platform ends private program after paying $250,000 in rewards over eight years

CVE-2022-29682: SQL injection vulnerability exists in Cscms music portal system v4.2 · Issue #36 · chshcms/cscms

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.

CVE-2022-29680: SQL injection vulnerability exists in Cscms music portal system v4.2 · Issue #31 · chshcms/cscms

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.