Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-44345: bug_report/SQLi-1.md at main · BGP-OSPF/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.

CVE
#sql#vulnerability#windows#php#auth#firefox
CVE-2022-44277: bug_report/SQLi-1.md at main · llwyx200113/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

IBM Websphere Application Server 7.0 Cross Site Scripting

IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.

CISA and the FBI issue alert about Cuba ransomware

Categories: News Categories: Ransomware Tags: Cuba ransomware Tags: ransomware Tags: double extortion Tags: Cybersecurity Advisory Tags: CSA Tags: CISA Tags: FBI Cuba ransomware is spotlighted in a recent cybersecurity advisory (CSA) in the ongoing #StopRansomware campaign spearheaded by CISA and the FBI. (Read more...) The post CISA and the FBI issue alert about Cuba ransomware appeared first on Malwarebytes Labs.

Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a "sharp increase in both the number of compromised

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

By Habiba Rashid A Barcelona-based company, a spyware vendor named Variston IT, is exploiting flaws under the guise of a custom cybersecurity solutions provider. This is a post from HackRead.com Read the original post: Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

CVE-2022-42718: Privilege Escalation in NI LabVIEW CLI

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

ConnectWise Quietly Patches Flaw That Helps Phishers

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.