‼ CVE-2022-23097 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45435 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25905 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23096 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.📖 Read
via "National Vulnerability Database".
🦿 Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January 🦿
📖 Read
via "Tech Republic".
The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.📖 Read
via "Tech Republic".
TechRepublic
Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January
The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.
🕴 The Looming CISO Mental Health Crisis — and What to Do About It, Part 1 🕴
📖 Read
via "Dark Reading".
The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.📖 Read
via "Dark Reading".
Dark Reading
The Looming CISO Mental Health Crisis — and What to Do About It, Part 1
The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.
‼ CVE-2021-34073 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22294 ‼
📖 Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45898 ‼
📖 Read
via "National Vulnerability Database".
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45897 ‼
📖 Read
via "National Vulnerability Database".
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40395 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45899 ‼
📖 Read
via "National Vulnerability Database".
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.📖 Read
via "National Vulnerability Database".
🔏 Friday Five 1/28 🔏
📖 Read
via "".
The Linux PolicyKit bug, $770 million lost in social media scams, and more - catch up on the infosec news of the week with the Friday Five!📖 Read
via "".
‼ CVE-2021-40423 ‼
📖 Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22799 ‼
📖 Read
via "National Vulnerability Database".
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23727 ‼
📖 Read
via "National Vulnerability Database".
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22819 ‼
📖 Read
via "National Vulnerability Database".
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31567 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26264 ‼
📖 Read
via "National Vulnerability Database".
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40407 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2016-3735 ‼
📖 Read
via "National Vulnerability Database".
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset.📖 Read
via "National Vulnerability Database".