‼ CVE-2022-24262 ‼
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.
via "National Vulnerability Database".
🔏 Friday Five 2/4 🔏
Hacking North Korea, inside the Trickbot ransomware group, and more - catch up on the infosec news of the week with the Friday Five!
via "Digital Guardian".
🕴 Expert Insights: Training the Data Elephant in the AI Room 🕴
Be aware of the risk of inadvertent data exposure in machine learning systems.
via "Dark Reading".
‼ CVE-2021-29394 ‼
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user account via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.
via "National Vulnerability Database".
‼ CVE-2022-24249 ‼
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.
via "National Vulnerability Database".
‼ CVE-2021-29397 ‼
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote or local users to intercept users' credentials transmitted in cleartext over HTTP.
via "National Vulnerability Database".
‼ CVE-2021-23470 ‼
This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077
via "National Vulnerability Database".
‼ CVE-2021-29395 ‼
Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
via "National Vulnerability Database".
‼ CVE-2022-24129 ‼
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.
via "National Vulnerability Database".
‼ CVE-2021-23507 ‼
The package object-path-set before 1.0.2 is vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908
via "National Vulnerability Database".
‼ CVE-2021-29398 ‼
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list directories across the entire filesystem of the host of the web application.
via "National Vulnerability Database".
‼ CVE-2021-45408 ‼
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
via "National Vulnerability Database".
‼ CVE-2021-29393 ‼
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
via "National Vulnerability Database".
‼ CVE-2021-23497 ‼
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821
via "National Vulnerability Database".
‼ CVE-2021-45429 ‼
A Buffer Overflow vulnerability exists in VirusTotal YARA git commit 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
via "National Vulnerability Database".
‼ CVE-2022-24448 ‼
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
via "National Vulnerability Database".
‼ CVE-2021-29396 ‼
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
via "National Vulnerability Database".
🕴 The 3 Most Common Causes of Data Breaches in 2021 🕴
Phishing, smishing, and business email compromise continue to do their dirty work.
via "Dark Reading".
‼ CVE-2022-23329 ‼
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
via "National Vulnerability Database".
‼ CVE-2021-46671 ‼
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
via "National Vulnerability Database".
‼ CVE-2022-23330 ‼
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
via "National Vulnerability Database".