Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Red Hat Security Advisory 2022-5753-01

Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Packet Storm
Open in Source
#vulnerability#windows#red_hat#java#ssl
Geonetwork 4.2.0 XML Injection

Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.

Crime Reporting System 1.0 Cross Site Scripting

Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.

WordPress WP-UserOnline 2.87.6 Cross Site Scripting

WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.

Telegram and Discord Bots Delivering Infostealing Malware

By Deeba Ahmed Intel471 researchers have warned users about how cybercriminals are converting popular apps against them. A new report from… This is a post from HackRead.com Read the original post: Telegram and Discord Bots Delivering Infostealing Malware

CVE-2022-34557: bug_report/SQLi-1.md at main · AD-Appledog/bug_report

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.

CVE-2022-34580: bug_report/XSS-1.md at main · wencongzhao/bug_report

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.

CVE-2021-41556: Squirrel - The Programming Language

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.

Breach Exposes Users of Microleaves Proxy Service

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can -- such as by secretly bundling it with other software.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.