Lucene search

1953 matches found

Vulnrichment
added 2022/12/14 12:0 a.m. | 6 views

CVE-2022-47410

An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...

CVSS 9.1 | AI score 9.2 | EPSS 0.00674
Exploits: 0 | References: 1
Vulnrichment
added 2022/12/09 12:0 a.m. | 4 views

CVE-2022-44790

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists...

AI score 7.7 | EPSS 0.006
Exploits: 0 | References: 1
CNNVD
added 2022/12/09 12:0 a.m. | 2 views

BigCommerce Interspire Email Marketer SQL injection vulnerability

BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from BigCommerce, USA. BigCommerce Interspire Email Marketer version 6.0.0 suffers from a SQL injection vulnerability that originates from allowing SQL injection in the survey module, which can be exploited by an...

CVSS 7.5 | AI score 7.5 | EPSS 0.006
Exploits: 0 | References: 2
Debian
added 2022/11/10 2:49 p.m. | 40 views

[SECURITY] [DLA 3186-1] exiv2 security update

Debian LTS Advisory DLA-3186-1 [email protected] https://www.debian.org/lts/security/ Dominik George November 10, 2022 https://wiki.debian.org/LTS Package : exiv2 Version : 0.25-4+deb10u3 CVE ID : CVE-2017-11683 CVE-2020-19716 CVE-2022-3756 Debian Bug : 876893 Three vulnerabilities have...

CVSS 6.5 | AI score 6.8 | EPSS 0.02663
Exploits: 0
NVD
added 2022/10/31 9:15 p.m. | 40 views

CVE-2022-3059

The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...

CVSS 8.6 | EPSS 0.00462
Exploits: 0 | References: 1
Prion
added 2022/10/31 9:15 p.m. | 21 views

SQL injection

The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...

CVSS 5 | AI score 7.9 | EPSS 0.00462
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/10/31 8:6 p.m. | 79 views

CVE-2022-3059

The CVE-2022-3059 entry pertains to Schoolbox (version 21.0.2) and describes SQL injection via a vulnerable parameter, exploitable with authenticated or unauthenticated access. The root cause involves stacked queries allowing complex SQL commands, and a sleep-based inferential technique to extrac...

CVSS 8.6 | AI score 8.2 | EPSS 0.00462
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/10/31 12:0 a.m. | 4 views

Schoolbox SQL injection vulnerability

Schoolbox is an online learning platform from Schoolbox Australia. A security vulnerability exists in Schoolbox version 21.0.2 that stems from multiple SQL injection attacks via vulnerable parameters. An attacker exploiting the vulnerability could extract data from the database...

CVSS 8.6 | AI score 7.6 | EPSS 0.00462
Exploits: 0 | References: 2
Positive Technologies
added 2022/10/31 12:0 a.m. | 3 views

PT-2022-20193 · Red Os · Red Os

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for SQL injection, both authenticated and unauthenticated, through a vulnerable parameter. This parameter can be used to craft and inject complex SQL commands due t...

CVSS 9.8 | AI score 8 | EPSS 0.01923
Exploits: 1 | References: 3
Pen Test Partners Blog
added 2022/10/19 5:21 a.m. | 33 views

Moto E20 Readback Vulnerability

09/11/2022 Update: CVE ID CVE-2022-3917 has been reserved, with Lenovo to publish the Advisory Summary. TL;DR The Motorola E20 is an entry-level smartphone that uses a Unisoc system-on-chip. Motorola holds around 10% of the US smartphone market, though the sales of the E20 as a subset of that are...

AI score 1.5 | EPSS 0.00173
Exploits: 0
Vulnrichment
added 2022/10/11 12:0 a.m. | 7 views

CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...

CVSS 9.3 | AI score 9.1 | EPSS 0.00217
Exploits: 0 | References: 2
Github Security Blog
added 2022/09/15 3:21 a.m. | 21 views

Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Impact The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...

AI score 4
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2022/09/09 12:0 a.m. | 5 views

PT-2022-17823 · Baxter · Baxter Spectrum Wireless Battery Module

Name of the Vulnerable Software and Affected Versions: Baxter Spectrum Wireless Battery Module WBM affected versions not specified Description: The issue concerns the storage of network credentials and Protected Health Information PHI in unencrypted form, specifically applicable to Spectrum IQ...

CVSS 4.2 | AI score 5.1 | EPSS 0.00424
Exploits: 0 | References: 4
ATTACKERKB
added 2022/09/06 6:15 p.m. | 2 views

CVE-2022-2718

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.2 | AI score 6 | EPSS 0.01105
Exploits: 0 | References: 5
CNNVD
added 2022/09/06 12:0 a.m. | 4 views

WordPress plugin JoomSport – for Sports: Team & League, Football, Hockey & more SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin JoomSport - for Sports: Te...

CVSS 7.2 | AI score 5.6 | EPSS 0.01105
Exploits: 0 | References: 5
ATTACKERKB
added 2022/09/02 12:15 p.m. | 5 views

CVE-2022-22096

Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile...

CVSS 9.8 | AI score 7.6 | EPSS 0.00435
Exploits: 0 | References: 2
Positive Technologies
added 2022/09/02 12:0 a.m. | 5 views

PT-2022-15232 · Qualcomm · Qualcomm Snapdragon Connectivity +1

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Connectivity and Snapdragon Mobile affected versions not specified Description: The issue is related to memory corruption in the Bluetooth HOST component due to a stack-based buffer overflow. This occurs when extracting da...

CVSS 9.8 | AI score 9.5 | EPSS 0.00435
Exploits: 0 | References: 2
HackRead
added 2022/08/31 5:38 p.m. | 11 views

European Spyware Vendor Offering Android and iOS Device Exploits

By Deeba Ahmed The proposal documents were leaked on a Russian hacking forum showing Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million.

AI score 3.1
Exploits: 0
hivepro
added 2022/08/26 12:10 p.m. | 19 views

Iranian APT’s new data extraction tool Hyperscrape

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Charming Kitten, an Iranian government-backed threat group, has been employing a new data extraction tool, HYPERSCRAPE. It has been used to retrieve data from Microsoft Outlook, Yahoo, and Gmail accounts...

AI score 1.9
Exploits: 0
OSV
added 2022/07/20 10:47 a.m. | 4 views

USN-5525-1 libxml-security-java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

CVSS 7.5 | AI score 6.8 | EPSS 0.10448
Exploits: 0 | References: 2