Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. Source: NIST CVE-2022-24264
Month: January 2022
CVE-2022-24263
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. Source: NIST CVE-2022-24263
CVE-2022-23872
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. Source: NIST CVE-2022-23872
CVE-2022-24265
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. Source: NIST CVE-2022-24265
CVE-2022-24266
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. Source: NIST CVE-2022-24266
CVE-2022-21659
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated …
Cengage to Buy Cybersecurity Training platform, Infosec
A global education technology company based in Boston has signed a $191M deal to buy the cybersecurity training platform, Infosec. Cengage Group announced the …
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or …
Aussie Tech Entrepreneur Extradited Over SMS Fraud
A Russian-born tech entrepreneur has been extradited to the United States from Australia to face charges relating to a multi-million-dollar text messaging consumer …
CVE-2021-42631
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserialize attacker-controlled input, leading to pre-auth remote code execution. Source: NIST CVE-2021-42631