
Tag

#windows

Global Education And Technoworld 4.1 Backup Disclosure

Global Education and Technoworld version 4.1 suffers from an unauthorized backup disclosure vulnerability.

Packet Storm
#vulnerability #windows #google #php #auth #firefox

Laravel 9.47.0 Information Disclosure

Laravel versions 1.0 to 9.47.0 suffer from database disclosure and information leakage vulnerabilities.

Microsoft Patch Tuesday January 2023: ALPC EoP, Win Backup EoP, LocalPotato, Exchange, Remote RCEs

Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239115 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Nessus, Rapid7 and ZDI […]

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar

Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The

Mikko Hypponen’s opinion on the technological revolution

By Owais Sultan

Mikko Hypponen, Chief Research Officer at WithSecure (Formerly F-Secure), is considered one of the best cybersecurity speakers in…

This is a post from HackRead.com.

CVE-2022-46502: bug_report/SQLi-1.md at main · snowingllll/bug_report

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.

CVE-2022-48256: DnsServer/CHANGELOG.md at master · TechnitiumSoftware/DnsServer

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.

CVE-2022-46471: bug_report/SQLi-1.md at main · dreamwonly/bug_report

Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php.

CVE-2022-46472: bug_report/SQLi-1.md at main · MAO-qi/bug_report

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete.