Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-22681PUBLISHED: 2022-07-06Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
CVE-2022-31856PUBLISHED: 2022-07-05Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVE-2022-32310PUBLISHED: 2022-07-05An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.
CVE-2022-32311PUBLISHED: 2022-07-05Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
CVE-2022-32413PUBLISHED: 2022-07-05An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
User Rank: Apprentice
4/11/2014 | 5:34:40 PM
Most data breaches and data loss from public cloud platforms are the result of inadvertent user action. That informs a certain approach to discovery, clasification, and control; there are well-known ways to create DLP policies that minimize the accidental breach risk, for example. Tom Scholtz over at Gartner has a really interesting take on the concept of people-centric security and how companies are using it to do this kind of work in a cloud-friendly way: http://my.gartner.com/portal/server.pt?open=512&objID=202&mode=2&PageID=5553&ref=webinar-rss&resId=2546716&srcId=1-2949089475