Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-22681PUBLISHED: 2022-07-06Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
CVE-2022-31856PUBLISHED: 2022-07-05Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVE-2022-32310PUBLISHED: 2022-07-05An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.
CVE-2022-32311PUBLISHED: 2022-07-05Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
CVE-2022-32413PUBLISHED: 2022-07-05An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
User Rank: Apprentice
12/30/2016 | 6:41:26 AM
The agency teams of the FBI and DHS as well as the initiating analysis of CrowdStrike under the direction of Dmitri Apelovitch would really do justice to their findings to ammend their report with an analysis section discussing this high probability attack vector.