CVE-2022-2066
Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
Crypto Market Sinks Below $1 Trillion
Bitcoin plunged to the lowest in about 18 months after the freezing of withdrawals by the Celsius lending platform added to concern that systemic risk in the crypto ecosystem will…
CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
Amazon Set To Launch Drone Delivery in California
The drones are coming as Amazon announces Monday that it’s launching a fleet of delivery drones. The retail giant will test its new Amazon Prime Air delivery system in Lockeford,…
CVE-2022-22259
There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to control of the victim device.
Crypto Lender Celsius Pauses Withdrawals, Transfers Citing ‘Extreme Market Conditions’
Celsius Network, one of the biggest crypto lenders, told customers Sunday evening that it is pausing withdrawals, swap, and transfers between accounts in a move that has sparked discussions and…
CVE-2022-23167
Attacker crafts a GET request to: /mobile/downloadfile.aspx?Filename=../../windows/boot.ini. The LFI is unauthenticated.
SharpEventPersist – Persistence By Writing/Reading Shellcode From Event Log
Persistence by writing/reading shellcode from Event Log. Usage: the SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:\path\to\shellcode.bin" -instanceid 1337 -source Persistence -eventlog "Key Management Service". The shellcode is converted to…
CVE-2022-23168
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--