CVE-2022-28330 - Understanding and Exploiting the Apache HTTP Server mod_isapi Out-of-Bounds Read on Windows
In March 2022, the Apache Software Foundation disclosed a security vulnerability, CVE-2022-28330, affecting the Apache HTTP Server (httpd) versions 2.4.53 and earlier on
CVE-2022-0788 The WordPress plugin before 1.5.0 does not sanitize and escape a parameter before using it in a SQL statement, which can be exploited by unauthenticated users.
If a user can inject a WP REST API endpoint via a SQL injection, then the WP REST API can be used to perform any
CVE-2022-1940 Jira integration in GitLab EE is vulnerable to stored cross-site scripting, and is affected by versions 13.11-14.9.5, 14.10-14.10.4, and 15.0-15.0.1
The proof of concept (PoC) code is as follows: function doit() { var target = '<URL of GitLab EE>'; alert('You clicked on "' + target + '"!'); } When
CVE-2020-28246 A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0
CVE-2022-22767 The BD Pyxis™ products had default credentials and may still operate with them.
Threat actors may also be able to change the local operating system or domain-joined server(s) credentials to their own choice to provide their own