6 matches found
CVE-2026-34028
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...
CVE-2026-34028 Unauthenticated direct access to web data in Wertheim SafeController Software exposes files
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...
How attackers use real IT tools to take over your computer
A new wave of attacks is exploiting legitimate Remote Monitoring and Management RMM tools like LogMeIn Resolve formerly GoToResolve and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...
CVE-2022-25228
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings=show' via the 'userID' parameter, in '/index.php?m=candidates=show' via the 'candidateID', in '/index.php?m=joborders=show' via the 'jobOrderID' and '/index.php?m=companies=show' via the...
CVE-2022-25228
CVE-2022-25228 : Affected software is CandidATS 3.0.0 Beta. An authenticated user can inject SQL via parameters on several endpoints: /index.php?m=settings&a=show (userID), /index.php?m=candidates&a=show (candidateID), /index.php?m=joborders&a=show (jobOrderID), and /index.php?m=companies&a=show ...
Live800 referrerSta. jsp companyID SQL injection vulnerability
No description provided by source...