Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33311PUBLISHED: 2022-08-18Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
CVE-2022-25986PUBLISHED: 2022-08-18Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
CVE-2022-28715PUBLISHED: 2022-08-18Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2022-2876PUBLISHED: 2022-08-18
A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2022-29487PUBLISHED: 2022-08-18Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
User Rank: Apprentice
6/29/2015 | 3:55:49 AM
We need to move to automation where evidence is gathered automatiacally and once for every aspect we need to report on, so we are not manually taking screenshots for PCI, SOX, HIPPA etc. Setup once, gather as needed and report non compliance for investigation, that way you will be as close to full compliance most of the time.
Compliance does not equal security