Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2021-36899: Asset CleanUp: Page Speed Booster

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#windows#google#apache#redis#js#git#java#wordpress#php#perl#auth#chrome#firefox#sap#ssl
CVE-2022-42034: bug_report/RCE-1.md at main · debug601/bug_report

Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.

CVE-2022-42229: bug_report/RCE-1.md at main · Tr0ee/bug_report

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol.  October's security update features 11 critical vulnerabilities, with the remainder being “important.”   One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.  An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.   CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has th...

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

CVE-2022-41376: Metro UI v4.4.0 Components Library Reflected XSS Injection

Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.

CVE-2022-37997: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38044: Windows CD-ROM File System Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.