Lynis Auditing Tool 3.0.7
via "Packet Storm Security".
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
RCE bug chain patched in CentOS Web Panel
via "The Daily Swig".
Shell injected on servers via bypass of local file inclusion defenses
CVE-2021-41472
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username and password parameters.
CVE-2022-23437
via "National Vulnerability Database".
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
CVE-2021-4088
via "National Vulnerability Database".
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
CVE-2021-40596
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Online Learning System v2 by oretnom23 allows attackers to execute arbitrary SQL commands via the faculty_id parameter.
CVE-2021-40909
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23 allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.
CVE-2021-41471
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the email and Password parameters.
CVE-2021-40907
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.
CVE-2021-40908
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username parameter.
F5 fixes high-risk NGINX Controller vulnerability in January patch rollout
via "The Daily Swig".
Brace for impact
CVE-2021-35005
via "National Vulnerability Database".
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.
CVE-2021-41660
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.
CVE-2021-41929
via "National Vulnerability Database".
Cross-site scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 allows attackers to execute arbitrary code via the about page.
CVE-2021-41658
via "National Vulnerability Database".
Cross-site scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23 allows attackers to execute arbitrary code via the fullname and username parameters to the users page.
CVE-2021-41659
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username or password field.
Ransomware Operators Are Feeling the Heat
via "Dark Reading".
Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.
REvil gang member arrests strike fear among cybercriminals on the Dark Web
via "Tech Republic".
Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.
CISA Adds 17 Vulnerabilities to Exploited Bug Catalog
via "Digital Guardian".
The Cybersecurity and Infrastructure Security Agency (CISA) added 17 vulnerabilities to its list of bugs actively being exploited in attacks. Federal agencies need to fix 10 of them by next week.
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
via "Threat Post".
The bug can allow attackers to remotely execute code on gamers' computers. The devs temporarily deactivated PvP servers across multiple affected versions.
CVE-2021-41930
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23 allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.