Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-48161 PUBLISHED: 2023-02-01
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.
CVE-2023-0341 PUBLISHED: 2023-02-01
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the ...
CVE-2023-23924 PUBLISHED: 2023-02-01
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call...
CVE-2023-24241 PUBLISHED: 2023-02-01
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
CVE-2023-24956 PUBLISHED: 2023-02-01
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.
10/30/2015 | 12:57:31 PM
The Chinese regime has growingly become dependent upon foreign supplies of oil, natural gas and other commodities through secure sea-lanes while the Chinese cyber expertise has become a domestic resource in itself that is as important as the energy supplies for the survival of the regime and its economic development.
Best regards,
Xavier Alfonsi
Analyst in naval and naval aviation affairs and in cyberdefense in Asia-Pacific from original sources in Chinese