CVE-2022-44784 - Remote Arbitrary Service Creation & Code Execution in Appalti & Contratti (LFS / DL229) via Exposed Axis AdminService
In 2022, a critical vulnerability was discovered in Appalti & Contratti version 9.12.2, within its widely used web applications LFS and DL229. The
CVE-2022-45470 - How Missing Input Validation in Apache Hama Leads to Information Disclosure (Path Traversal & XSS Explained)
In late 2022, a significant vulnerability, CVE-2022-45470, was discovered in Apache Hama. This issue is particularly interesting because it revolves around classic web security pitfalls:
CVE-2022-43162 The id parameter of NVDLMS v1.0 was found to have a SQL injection vulnerability at /tests/view_test.php.
An attacker can exploit this vulnerability to execute arbitrary SQL commands with root privileges. This may lead to the compromise of the affected site. An
CVE-2022-43256 SeaCms v12.6 was found to have a SQL injection vulnerability.
An attacker can exploit this issue to execute arbitrary SQL commands in the context of the affected site. A user with access to the root
CVE-2022-45047 - How Insecure Java Deserialization in Apache MINA SSHD Can Open the Gate for Attackers
If you’re running an SSH server using Apache MINA SSHD—especially anything up to version 2.9.1—you need to know about a