CVE-2021-46085
via "National Vulnerability Database".
OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low-level administrators can delete higher-level administrators, exceeding their authority.
CVE-2021-46084
via "National Vulnerability Database".
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the "close registration information" input box.
CVE-2021-46083
via "National Vulnerability Database".
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.
CVE-2021-46087
via "National Vulnerability Database".
In jfinal_cms >= 5.1 0, there is a stored XSS vulnerability in the CMS back-end (administration) system. Because the developers do not filter the parameters submitted through user input forms, any user with back-end permissions can compromise system security by entering malicious code.
CVE-2021-34865
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.
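The NETGEAR entry above describes an authentication bypass caused by incorrect string matching on protected pages. The following added example is not NETGEAR's mini_httpd code and does not reproduce the router's actual logic; the protected prefix, the candidate URLs and the tiny dispatcher are assumptions chosen to illustrate the bug class. The access check compares the raw request path as a string, while the file handler opens the percent-decoded, normalised path, so any request that normalises into the protected tree but does not match as a string is served without a login.

```python
import posixpath
from urllib.parse import unquote

# Assumed layout for this example: anything under this prefix needs a login.
PROTECTED_PREFIX = "/protected/"


def canonical_path(raw_path: str) -> str:
    """Decode and normalise a request path the way a file-serving handler does
    before it opens a file: percent-decode once, collapse '//', '/./' and 'x/..',
    and re-anchor at the root so '..' can never climb above it."""
    decoded = unquote(raw_path)
    return posixpath.normpath("/" + decoded.lstrip("/"))


def is_protected_naive(raw_path: str) -> bool:
    """Vulnerable pattern: string-match the path exactly as the client sent it."""
    return raw_path.startswith(PROTECTED_PREFIX)


def is_protected_hardened(raw_path: str) -> bool:
    """Fixed pattern: decide on the same canonical path the handler will open."""
    return canonical_path(raw_path).startswith(PROTECTED_PREFIX)


def serve(raw_path: str, authenticated: bool, check) -> str:
    """Minimal dispatcher: the access decision uses `check`, the file lookup
    always uses the canonical path. Returns a status line for the example."""
    if check(raw_path) and not authenticated:
        return "401 Unauthorized"
    return "200 " + canonical_path(raw_path)


# Constructed request paths that all resolve to /protected/admin.html.
BYPASS_CANDIDATES = [
    "/public/../protected/admin.html",   # traversal into the protected tree
    "/%70rotected/admin.html",           # percent-encoded 'p'
    "/./protected/admin.html",           # redundant '.' segment
    "//protected/admin.html",            # doubled leading slash
]


def find_bypasses(check, candidates=BYPASS_CANDIDATES):
    """Return the candidate paths that `check` treats as public even though
    they canonicalise into the protected prefix."""
    return [p for p in candidates
            if not check(p) and canonical_path(p).startswith(PROTECTED_PREFIX)]


if __name__ == "__main__":
    for p in BYPASS_CANDIDATES:
        print(p, "->", serve(p, False, is_protected_naive),
              "|", serve(p, False, is_protected_hardened))
```

The fix that matters is not the particular normalisation but that the check and the file handler see the same string: if the handler also decodes twice, strips backslashes, or runs on a case-insensitive filesystem, the check must do exactly the same, or the mismatch reopens the bypass.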
CVE-2021-46086
via "National Vulnerability Database".
xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. The method that handles examination-paper submission is insecure: an attacker can use Burp Suite to modify parameters in the request and corrupt real data.
CVE-2021-46089
via "National Vulnerability Database".
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2021-34868
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712.
CVE-2021-46033
via "National Vulnerability Database".
In ForestBlog, as of 2021-12-28, the file upload verification can be bypassed.
Tax scam emails are alive and well as US tax season starts
via "Naked Security".
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)
Striking a Balance Between Cybersecurity Awareness and Anxiety
via "Dark Reading".
Employees don't have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.
8 Security Startups to Watch in 2022
via "Dark Reading".
Cloud security, API security, and incident response are among the issues up-and-coming security companies are working on.
New MacOS Malware "DazzleSpy" Used in Watering-Hole Attacks
via "Threat Post".
A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a new macOS backdoor that researchers dubbed DazzleSpy.
CVE-2022-0351
via "National Vulnerability Database".
Access of Memory Location Before Start of Buffer in Conda vim prior to 8.2.
CVE-2021-39031
via "National Vulnerability Database".
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 213875.
Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra's Internet
via "Threat Post".
Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.
Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin
via "Threat Post".
A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.
Segway Hit by Magecart Attack Hiding in a Favicon
via "Threat Post".
Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.
CVE-2022-0333
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
CVE-2022-23020
via "National Vulnerability Database".
On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2021-45729
via "National Vulnerability Database".
The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
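Four of the entries on this page are the same class of server-side authorization failure: OneBlog (CVE-2021-46085) lets a lower-level administrator delete a higher-level one, xzs-mysql (CVE-2021-46086) trusts tampered parameters in an exam-paper submission, Moodle (CVE-2022-0333) lets a site-wide manage capability reach user-level events, and WP Google Map (CVE-2021-45729) lets any authenticated low-role user manage maps. The following added example is not code from any of those projects; the role ladder, the event scopes, the answer key and the assignment table are constructed for illustration. It shows the checks each of those handlers needed: compare privilege levels rather than "is an admin", require a specific role rather than "is logged in", stop a broad capability at private resources, and recompute anything security-relevant on the server instead of reading it from the request.

```python
from dataclasses import dataclass

# Constructed role ladder; higher number means more privilege.
ROLE_LEVEL = {"subscriber": 0, "editor": 1, "admin": 2, "superadmin": 3}


@dataclass(frozen=True)
class User:
    id: str
    role: str


@dataclass(frozen=True)
class CalendarEvent:
    id: str
    owner_id: str
    scope: str  # "site", "course", or "user" (a user-level, i.e. private, event)


def can_delete_admin(actor: User, target: User) -> bool:
    """An administrator may only be removed by someone strictly above them.
    Assumed policy: same-level administrators cannot remove each other either."""
    return (ROLE_LEVEL[actor.role] >= ROLE_LEVEL["admin"]
            and ROLE_LEVEL[actor.role] > ROLE_LEVEL[target.role])


def can_manage_maps(actor: User) -> bool:
    """Being authenticated is not enough; require the editor role or above."""
    return ROLE_LEVEL[actor.role] >= ROLE_LEVEL["editor"]


def can_manage_event(actor: User, event: CalendarEvent) -> bool:
    """A site-wide 'manage entries' capability stops at other users' private events."""
    if event.owner_id == actor.id:
        return True
    if event.scope == "user":
        return False
    return ROLE_LEVEL[actor.role] >= ROLE_LEVEL["admin"]


# Constructed answer key and assignment table standing in for the database.
ANSWER_KEY = {"paper-42": {"q1": "B", "q2": "D", "q3": "A"}}
ASSIGNMENTS = {("stu-7", "paper-42")}


def grade_submission(student_id: str, payload: dict) -> dict:
    """Server-side grading. Only the answers are taken from the request; the paper
    must be one the student was assigned, and any 'score' or 'student_id' the
    client sends is ignored. student_id comes from the session, not the payload."""
    paper_id = payload.get("paper_id")
    if (student_id, paper_id) not in ASSIGNMENTS:
        raise PermissionError(f"{student_id} was not assigned {paper_id}")
    key = ANSWER_KEY[paper_id]
    answers = payload.get("answers", {})
    unknown = set(answers) - set(key)
    if unknown:
        raise ValueError(f"unknown question ids: {sorted(unknown)}")
    score = sum(1 for q, correct in key.items() if answers.get(q) == correct)
    return {"student_id": student_id, "paper_id": paper_id, "score": score}


if __name__ == "__main__":
    tampered = {"paper_id": "paper-42", "student_id": "stu-1", "score": 100,
                "answers": {"q1": "B", "q2": "D", "q3": "C"}}
    print(grade_submission("stu-7", tampered))   # score is recomputed, not 100
```

The pattern common to all four checks is that the decision never rests on a value the client can set: the actor's identity and role come from the session, the target's role and the event's scope come from storage, and the score is derived from the stored answer key.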