Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42052 PUBLISHED: 2022-08-16
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.
CVE-2022-25799 PUBLISHED: 2022-08-16
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site...
CVE-2022-38235 PUBLISHED: 2022-08-16
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
CVE-2022-38236 PUBLISHED: 2022-08-16
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
CVE-2022-38237 PUBLISHED: 2022-08-16
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
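The first two entries above describe two recurring web bug classes: a file path taken from a query parameter (CVE-2021-42052) and a redirect target taken from a URL (CVE-2022-25799). The following is an added example of the server-side checks that close each class; it is not code from IPESA e-Flow, CERT/CC VINCE, or this page. The web root, served directory, hostnames and sample inputs are constructed for illustration. Note the detail in the e-Flow entry: traversal that stays inside the web root is still a vulnerability, so the hardened resolver confines requests to a single public subdirectory rather than to the web root as a whole.

```python
"""Added example: validating attacker-controlled path and redirect parameters.

Illustrative code only; not the code of IPESA e-Flow or CERT/CC VINCE.
All directory names, hostnames and sample inputs below are constructed.
"""
import os
from urllib.parse import urlsplit


# --- Path traversal (cf. CVE-2021-42052) -----------------------------------

def resolve_vulnerable(webroot: str, requested: str) -> str:
    """Weak form: joins the attacker-controlled parameter onto the web root
    with no containment check. '..' segments walk out of the web root, and
    every file inside it (configs, source) is readable."""
    return os.path.normpath(os.path.join(webroot, requested))


def resolve_hardened(webroot: str, served_dir: str, requested: str):
    """Hardened form: resolve the request and require the result to stay
    inside `served_dir`, a subdirectory of the web root that holds only
    public assets. Returns the absolute path, or None if refused.

    Confining to the web root alone is not enough; the CVE text shows that
    'any file within the web root' is what the attacker wanted."""
    if "\x00" in requested or os.path.isabs(requested):
        return None
    base = os.path.realpath(os.path.join(webroot, served_dir))
    # realpath also resolves symlinks in existing components, so a link
    # planted inside served_dir cannot point the check outside it.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath == base means candidate is base itself or something below it.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# --- Open redirect (cf. CVE-2022-25799) ------------------------------------

def safe_redirect_target(target: str, allowed_hosts: frozenset, fallback: str = "/") -> str:
    """Accept a post-login 'next'-style parameter only if it is a same-site
    absolute path or an absolute URL whose host is on the allow-list.
    Anything else is replaced by `fallback`."""
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference. urlsplit already moved a protocol-relative
        # '//evil.example' into netloc; backslashes are rejected because some
        # browsers treat '/\evil.example' as '//evil.example'.
        if target.startswith("/") and not target.startswith("//") and "\\" not in target:
            return target
        return fallback
    # parts.hostname is lowercased and excludes any userinfo, so
    # 'https://good.example@evil.example/' is judged by 'evil.example'.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return target
    return fallback


if __name__ == "__main__":
    # Constructed inputs; the environment need not contain these paths.
    webroot = "/srv/app/www"
    for req in ("js/app.js", "../WEB-INF/config.xml", "../../../../etc/passwd"):
        print(f"{req!r:32} weak -> {resolve_vulnerable(webroot, req)}")
        print(f"{'':32} hard -> {resolve_hardened(webroot, 'static', req)}")
    allowed = frozenset({"vince.example"})
    for t in ("/dashboard?x=1", "//evil.example/", "https://vince.example@evil.example/",
              "https://vince.example/case/1", "javascript:alert(1)"):
        print(f"{t!r:42} -> {safe_redirect_target(t, allowed)}")
```

Both checks work on the parsed, normalized form of the input rather than on substrings: rejecting the literal string `..` or `http://` misses encodings, backslashes and userinfo tricks that `os.path.realpath` and `urlsplit` already handle for you.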
User Rank: Ninja
12/8/2014 | 4:47:55 PM
@Joe Exactly. This is the real truth of it all. It is blatantly evident that most enterprise security is well behind the abilities of serious hackers.
Those in positions of responsibility should understand this - but often they "drink their own Kool-Aid". Admit there are only so many things that can be done once compromised and it is just a matter of time before you are.
So when the act does happen - you immediately cut losses, and that means, among other considerations, to "Shut it Down!"