Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-31786: Reflected Cross Site Scripting (XSS) Vulnerability PoC - IdeaLMS.txt

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.

CVE
Open in Source
#xss#vulnerability#windows#js#java#firefox
CVE-2022-34008: Download Free Antivirus Software | Get Complete PC Virus Protection

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.

CVE-2022-33056: bug_report/SQLi-4.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.

CVE-2022-33055: bug_report/SQLi-3.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.

CVE-2022-33049: bug_report/SQLi-2.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.

CVE-2022-33048: bug_report/SQLi-1.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.

New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers

An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and

CVE-2022-33119: nuuo-xss/README.md at main · badboycxcc/nuuo-xss

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was... [[ This is only the beginning! Please visit the blog for the complete entry ]]

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory