Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31943 | PUBLISHED: 2022-07-01 | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-32093 | PUBLISHED: 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
CVE-2022-32094 | PUBLISHED: 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
CVE-2022-32095 | PUBLISHED: 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
CVE-2022-32384 | PUBLISHED: 2022-07-01 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.
User Rank: Ninja
4/30/2020 | 10:25:05 PM
I've noticed two commonalities:
1) Too many logs are collected and there isn't AI correlation to make sense of it efficiently so it becomes noise.
or
2) Logging isn't set up in the right places so when an event does happen the security unit is blind to it.