
Tag

#windows

Judging Management System 1.0 Shell Upload

Judging Management System version 1.0 suffers from a remote shell upload vulnerability.

Packet Storm
#sql #vulnerability #web #windows #php #rce #auth

Rash of New Ransomware Variants Springs Up in the Wild

Vohuk, ScareCrow, and AESRT add to the ransomware chaos that organizations have to contend with on a daily basis.

Judging Management System 1.0 SQL Injection

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Red Hat Security Advisory 2022-8913-01

Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

CVE-2022-45275: bug_report/RCE-1.md at main · ATKF/bug_report

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-45996: public_bug/tenda/w20e/2 at main · bugfinder0/public_bug

Tenda W20E V16.01.0.6(3392) is vulnerable to command injection via cmd_get_ping_output.

CVE-2022-45979: IOT-CVE/Tenda/AX12/4 at master · The-Itach1/IOT-CVE

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set.

95.6% of New Malware in 2022 Targeted Windows

By Habiba Rashid

According to researchers, 59.58 million samples of new Windows malware were found in the first three quarters of 2022 and these make up 95.6% of all new malware discovered during that time period.

This is a post from HackRead.com.

GHSA-j8x2-2m5w-j939: Amazon CloudWatch Agent for Windows has Privilege Escalation Vector

### Impact

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux.

### Patches

Maintainers recommend that Agent users upgrade to the latest available version of the CloudWatch Agent to address this issue.

### Workarounds

There is no recommended workaround. Affected users must update the installed version of the CloudWatch Agent to address this issue.

### References

https://github.com/aws/amazon-c...