Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-42242: bug_report/SQLi-2.md at main · aabbcc8997/bug_report

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking.

CVE
Open in Source
#sql#vulnerability#windows#js#java#php#auth#firefox
CVE-2022-42241: bug_report/SQLi-3.md at main · aabbcc8997/bug_report

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.

CVE-2022-2781: Security Advisory 2022-16

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

CVE-2022-2783: Security Advisory 2022-17

In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token

CVE-2022-26240: CVE-2022-26240: Normand Message Buffer - Pastebin.com

The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers.  There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were.  Just as with all other types of mobile apps, there are pitfalls, though.   Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

Any time we welcome this software and hardware into our homes and on our devices, it’s worth considering what sacrifices we might be making elsewhere.

OnionPoison – Fake Tor Browser Installer Spreading Malware Via YouTube

By Waqas Threat actors are using YouTube's video description feature to spread the fake Tor browser through a malicious website. This is a post from HackRead.com Read the original post: OnionPoison – Fake Tor Browser Installer Spreading Malware Via YouTube

Remote Mouse 4.110 Remote Code Execution

This Metasploit module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password (default). Tested against 4.110, current at the time of module writing.