Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

A week in security (August 22 - August 28)

Categories: News Tags: cryptojackers Tags: CISA Tags: Reddit Tags: social engineering Tags: Google Tags: PLex Tags: Hikvision Tags: patch management Tags: ChromeOS Tags: Twitter Tags: Binance Tags: Gitlab Tags: TrickBot Tags: LastPass The important security news of this week (Read more...) The post A week in security (August 22 - August 28) appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#ios#android#mac#windows#google#git#chrome
CVE-2022-22897: PrestaShop Ap Pagebuilder 2.4.4 SQL Injection ≈ Packet Storm

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

CVE-2022-36572: try/SinSiuEnterpriseWebsiteSystem at main · BreakALegCml/try

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.

CVE-2022-36708: bug_report/SQLi-3.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.

CVE-2022-36707: bug_report/SQLi-2.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/bookdetails.php.

CVE-2022-36706: vul-wiki/SQLi-16.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.

CVE-2022-36705: vul-wiki/SQLi-15.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.

CVE-2022-36704: bug_report/SQLi-1.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.

CVE-2022-38792: Pin exotel dependency to 0.1.5 due to security issue in 0.1.6 by anroots-tw · Pull Request #931 · jertel/elastalert2

The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.

Threat Roundup for August 19 to August 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 19 and Aug. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...