Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-39949: Fortiguard

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0  through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.

CVE
Open in Source
#vulnerability#windows
RHSA-2022:7273: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.0 release and security update

Red Hat JBoss Web Server 5.7.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-22696: cxf: OAuth 2 authorization service vulnerable to DDos attacks * CVE-2021-30468: CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter * CVE-2022-23181: tomcat: local privilege escalation vulnerability

Now That EDR Is Obvious, What Comes Next?

First in our series addressing the top 10 unanswered questions in security: What's going to replace EDR?

CVE-2022-43329: bug_report/SQLi-1.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.

CVE-2022-43330: bug_report/SQLi-2.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.

CVE-2022-43331: bug_report/SQLi-3.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.

CVE-2022-43076: CVE_Hunter/XSS-1.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.

CVE-2022-43078: CVE_Hunter/XSS-2.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

CVE-2022-43079: CVE_Hunter/XSS-3.md at main · Tr0e/CVE_Hunter

A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.