3370 matches found
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the ZoneMinder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
DeathSleep - A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Intro Sleep and obfuscation methods are well known in the maldev community, with different implementations, they...
CVE-2022-40673
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache...
Authorization
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache...
Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002159)
Description of the security update for SharePoint Foundation 2013: September 13, 2022 KB5002159 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
Genymotion Desktop Code Issue Vulnerability
Genymotion Desktop is an Android emulator from Genymotion. A security vulnerability exists in Genymotion Desktop version 3.2.1, which stems from a missing profapi.dll, and can be exploited by an attacker to use a malicious dll with the same name and gain administrator privileges, as well as execu...
RHEL 8 : ruby:3.0 (RHSA-2022:6450)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6450 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CentOS 8 : ruby:3.0 (CESA-2022:6450)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6450 advisory. - ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 - ruby: Cookie prefix spoofing in CGI::Cookie.parse...
PrestaShop Cross-Site Scripting Vulnerability (CNVD-2022-62230)
PrestaShop is an open source e-commerce solution from PrestaShop Inc. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. PrestaShop module versions prior to 5.0.2 have a cross-site scripting vulnerability; the vulnerability stems from t...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2022:10109-1 Rating: important References: Cross-References: CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 Affected...
Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr...
PT-2022-37209 · Apache · Apache Commons Jxpath
Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath affected versions not specified Description: A security exception crash has been reported in Apache Commons JXPath. The crash occurs in the org.apache.commons.jxpath.ri.axes package, specifically in the...
SUSE SLES15 Security Update : podman (SUSE-SU-2022:2839-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry...
PT-2022-37197 · Git +1 · Jackson-Modules-Java8
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, with details including a crash type and crash state. The crash state involves methods such as fuzzerTestOneInput...
SQL injection
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...
CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...