βΌ CVE-2021-4088 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40596 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40909 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41471 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40907 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40908 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.π Read
via "National Vulnerability Database".
ποΈ F5 fixes high-risk NGINX Controller vulnerability in January patch rollout ποΈ
π Read
via "The Daily Swig".
Brace for impactπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
F5 fixes high-risk NGINX Controller vulnerability in January patch rollout
Brace for impact
βΌ CVE-2021-35005 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41660 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41929 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41658 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41659 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.π Read
via "National Vulnerability Database".
π΄ Ransomware Operators Are Feeling the Heat π΄
π Read
via "Dark Reading".
Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.π Read
via "Dark Reading".
Dark Reading
Ransomware Operators Are Feeling the Heat
Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.
π¦Ώ REvil gang member arrests strike fear among cybercriminals on the Dark Web π¦Ώ
π Read
via "Tech Republic".
Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.π Read
via "Tech Republic".
TechRepublic
REvil gang member arrests strike fear among cybercriminals on the Dark Web
Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.
π CISA Adds 17 Vulnerabilities to Exploited Bug Catalog π
π Read
via "".
The Cybersecurity and Infrastructure Security Agency (CISA) added 17 vulnerabilities to its list of bugs actively being exploited in attacks. Federal agencies need to fix 10 of them by next week.π Read
via "".
Digital Guardian
CISA Adds 17 Vulnerabilities to Exploited Bug Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) added 17 vulnerabilities to its list of bugs actively being exploited in attacks. Federal agencies need to fix 10 of them by next week.
β Dark Souls 3 Servers Shut Down Due to Critical RCE Bug β
π Read
via "Threat Post".
The bug can allow attackers to remotely execute code on gamersβ computers. The devs temporarily deactivated PvP servers across multiple affected versions.π Read
via "Threat Post".
Threat Post
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
The bug can allow attackers to remotely execute code on gamersβ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
βΌ CVE-2021-41930 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17383 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36343 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41928 βΌ
π Read
via "National Vulnerability Database".
SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21715 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController` Users may also disable Auto Route and use defined routes only.π Read
via "National Vulnerability Database".