REvil gang member arrests strike fear among cybercriminals on the Dark Web
via "Tech Republic".
Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.
CISA Adds 17 Vulnerabilities to Exploited Bug Catalog
via "Digital Guardian".
The Cybersecurity and Infrastructure Security Agency (CISA) added 17 vulnerabilities to its list of bugs actively being exploited in attacks. Federal agencies need to fix 10 of them by next week.
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
via "Threat Post".
The bug can allow attackers to remotely execute code on gamers' computers. The devs temporarily deactivated PvP servers across multiple affected versions.
CVE-2021-41930
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.
CVE-2020-17383
via "National Vulnerability Database".
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.
CVE-2021-36343
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2021-41928
via "National Vulnerability Database".
SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.
CVE-2022-21715
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController`. Users may also disable Auto Route and use defined routes only.
CVE-2021-45226
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites.
CVE-2021-46451
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.
CVE-2022-21711
via "National Vulnerability Database".
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
CVE-2021-36349
via "National Vulnerability Database".
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.
CVE-2022-21710
via "National Vulnerability Database".
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4.
CVE-2021-42168
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page.
CVE-2021-45225
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).
CVE-2021-43589
via "National Vulnerability Database".
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.
CVE-2021-45224
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.
CVE-2021-43588
via "National Vulnerability Database".
Dell EMC Data Protection Central version 19.5 contains an improper input validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2021-45222
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel.
CVE-2021-43420
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
CVE-2021-36342
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.