Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-29376PUBLISHED: 2022-05-23Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
CVE-2022-30015PUBLISHED: 2022-05-23In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.
CVE-2022-28999PUBLISHED: 2022-05-23Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.
CVE-2022-29002PUBLISHED: 2022-05-23A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
CVE-2022-31489PUBLISHED: 2022-05-23Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.
User Rank: Apprentice
10/7/2020 | 8:18:39 PM
What happens when the company must make a decision between payment or bankruptcy? when there is no other option to restore the IT systems, if the disaster recovery and business continuity plans are not working?
If a company have appropriated security measures in place but the attack is so sophisticated that the last option to stay in business is to pay the ransom shouldn't it be considered?
Florian