4200 matches found
CVE-2022-37185
SQL injection vulnerability exists in the school information query interface repschoolproj.php of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage...
EMS system of the Office of the Thai Basic Education Commission 6.2 SQL injection vulnerability
EMS 6.2 system of the Office of the Thai Basic Education Commission is an electrical energy management system organized by the Office of the Thai Basic Education Commission in Thailand. A SQL injection vulnerability exists in EMS 6.2 system of the Office of the Thai Basic Education Commission...
Microsoft will disable Basic authentication for Exchange Online in less than a month
Microsoft has posted a reminder on the Exchange Team blog that Basic authentication for Exchange Online will be disabled in less than a month, on October 1, 2022. The first announcement of the change stems from September 20, 2019. With so much warning you might expect organizations to be ready, a...
CVE-2022-37090
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditBasicSSID...
CVE-2022-37175
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet...
PT-2022-4348 · Aveva · Aveva Edge
Name of the Vulnerable Software and Affected Versions: AVEVA Edge version 20.0 Build: 4201.2111.1802.0000 Service Pack 2 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page ...
Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked as Shuckworm, also known as...
Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description: The...
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions for files and directories, which allows a perpetrator to increase their privileges or execute arbitrary code.
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions for files and directories. Exploiting this vulnerability can allow an attacker to increase their privileges or execute arbitrary code...
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file jenkins.plugins.httprequest.HttpRequest.xml on the Jenkins controller as part of its configuration when using deprecated Basic/Digest Authentication. These passwords can be viewed by...
OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds –...
MAL-2022-2402 Malicious code in deere-ui-basic-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57581e423cb9729c047dfc59ba3efb537cd100dbe1048d054c7ba1968cc4f144 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in deere-ui-basic-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57581e423cb9729c047dfc59ba3efb537cd100dbe1048d054c7ba1968cc4f144 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process for DLL libraries. This allows a hacker to execute arbitrary code.
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process when libraries of DLL files are loaded. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the ability to restore unreliable data in memory, allowing a perpetrator to execute arbitrary code.
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the ability to restore unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions to critical resources, allowing a perpetrator to execute arbitrary code.
The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions for a critical resource. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2021-46741
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity...