βΌ CVE-2021-46561 βΌ
π Read
via "National Vulnerability Database".
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46116 βΌ
π Read
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46115 βΌ
π Read
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29838 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29845 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46383 βΌ
π Read
via "National Vulnerability Database".
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ΓΒΆΓΒΆ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46386 βΌ
π Read
via "National Vulnerability Database".
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack vector is: jspx webshell. ΓΒΆΓΒΆ MCMS has a file upload vulnerability through which attacker can upload a webshell. Successful attacks of this vulnerability can result in takeover of MCMSπ Read
via "National Vulnerability Database".
βΌ CVE-2021-46118 βΌ
π Read
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0368 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in Conda vim prior to 8.2.π Read
via "National Vulnerability Database".
β Cybercriminals Love Supply-Chain Chaos: Hereβs How to Protect Your Inbox β
π Read
via "Threat Post".
Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.π Read
via "Threat Post".
Threat Post
Cybercriminals Love Supply-Chain Chaos: Hereβs How to Protect Your Inbox
Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.
π Ransomware Groups Turning to Insiders to Help with Attacks π
π Read
via "".
A new survey suggests there's been an uptick in ransomware groups reaching out to employees in hopes they can help them carry out attacks against their company.π Read
via "".
Digital Guardian
Ransomware Groups Turning to Insiders to Help with Attacks
A new survey suggests there's been an uptick in ransomware groups reaching out to employees in hopes they can help them carry out attacks against their company.
β New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense β
π Read
via "Threat Post".
Need a blueprint for architecting a formidable cyber-defense? Kerry Mandiant, senior director at Mandiant, shares hers in this detailed breakdown.π Read
via "Threat Post".
Threat Post
New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense
Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
βΌ CVE-2022-23993 βΌ
π Read
via "National Vulnerability Database".
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22850 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21686 βΌ
π Read
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23990 βΌ
π Read
via "National Vulnerability Database".
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46114 βΌ
π Read
via "National Vulnerability Database".
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22852 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46385 βΌ
π Read
via "National Vulnerability Database".
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ΓΒΆΓΒΆ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.π Read
via "National Vulnerability Database".
β βDark Herringβ Billing Malware Swims onto 105M Android Devices β
π Read
via "Threat Post".
The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.π Read
via "Threat Post".
Threat Post
βDark Herringβ Billing Malware Swims onto 105M Android Devices
The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.
π’ Dark Souls servers taken offline after RCE flaw identified π’
π Read
via "ITPro".
Experts say PowerShell scripts could have been launched on other players' machines as a resultπ Read
via "ITPro".
IT PRO
Dark Souls servers taken offline after RCE flaw identified | IT PRO
Experts say PowerShell scripts could have been launched on other players' machines as a result