CVE-2022-40300 - Deep Dive Into Critical SQL Injection in Zoho ManageEngine Products
In the world of enterprise IT, password management is a big deal. Many companies rely on Zoho’s ManageEngine lineup—including Password Manager Pro, PAM360,
CVE-2022-37251 Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
When a user copies/pastes a message in Drafts, the message is executed in the site context (i.e. the context of the Drafts application)
CVE-2022-30676 Adobe InDesign versions 16.4.2 and earlier are affected by a memory disclosure vulnerability that could be exploited to bypass ASLR.
In addition, it is important to note that InDesign is not directly affected by this issue. However, the updated versions of InDesign received as part
CVE-2022-28854 Adobe InDesign versions 16.4.2 and earlier are affected by a memory disclosure vulnerability that could be exploited to bypass ASLR.
In addition, it is important to note that InDesign is not directly affected by this issue. However, the updated versions of InDesign received as part
CVE-2022-38808 ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
By sending a specially crafted request, a remote attacker may be able to gain access to the system and possibly run arbitrary SQL queries.
There