Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-32328: bug_report/delet-file-1.md at main · k0xx11/bug_report

Fast Food Ordering System v1.0 is vulnerable to Delete any file. via /ffos/classes/Master.php?f=delete_img.

CVE
Open in Source
#vulnerability#web#windows#php#firefox
CVE-2022-32330: bug_report/SQLi-2.md at main · k0xx11/bug_report

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu.

CVE-2022-32334: bug_report/SQLi-5.md at main · k0xx11/bug_report

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=.

Beware the 'Secret Agent' Cloud Middleware

New open source database details the software that cloud service providers typically silently install on enterprises' virtual machines — often unbeknownst to customers.

What is the Essential Eight (And Why Non-Aussies Should Care)

In 2017, The Australian Cyber Security Center (ACSC) published a set of mitigation strategies that were designed to help organizations to protect themselves against cyber security incidents. These strategies, which became known as the Essential Eight, are designed specifically for use on Windows networks, although variations of these strategies are commonly applied to other platforms. What is

CVE-2022-32336: bug_report/SQLi-6.md at main · k0xx11/bug_report

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.

CVE-2021-40678: Persistent Cross Site Scripting in Batch Manager(version:11.5.0) · Issue #1476 · Piwigo/Piwigo

In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Microsoft has warned of APT groups and ransomware authors exploiting the now patched Confluence vulnerability. We take a look at the dangers. The post “Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft appeared first on Malwarebytes Labs.

CVE-2022-29925: Improvement information list | Hakko Electronics Co., Ltd.

Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

CVE-2022-2077: Suspected Russian Activity Targeting Government and Business Entities Around the Globe

A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue.