‼ CVE-2020-17383 ‼
📖 Read
via "National Vulnerability Database".
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36343 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41928 ‼
📖 Read
via "National Vulnerability Database".
SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21715 ‼
📖 Read
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController` Users may also disable Auto Route and use defined routes only.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45226 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46451 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21711 ‼
📖 Read
via "National Vulnerability Database".
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36349 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21710 ‼
📖 Read
via "National Vulnerability Database".
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42168 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45225 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43589 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45224 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43588 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45222 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43420 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36342 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23126 ‼
📖 Read
via "National Vulnerability Database".
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45223 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.📖 Read
via "National Vulnerability Database".
❌ Surge in Malicious QR Codes Sparks FBI Alert ❌
📖 Read
via "Threat Post".
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.📖 Read
via "Threat Post".
Threat Post
Surge in Malicious QR Codes Sparks FBI Alert
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data, money and drop malware.
🕴 The Case for Backing Up Source Code 🕴
📖 Read
via "Dark Reading".
As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.📖 Read
via "Dark Reading".
Dark Reading
The Case for Backing Up Source Code
As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.