CISOs reveal secrets to pandemic success in critical organisations
Read via "ITPro".
The pandemic presented unique challenges for every business, but organisations tasked with delivering critical services may have worked the hardest.

CVE-2022-0501
Read via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.

CVE-2021-38172
Read via "National Vulnerability Database".
perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)

CVE-2022-0502
Read via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

CVE-2022-23206
Read via "National Vulnerability Database".
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

Suspected data breach at Washington State Department of Licensing
Read via "The Daily Swig".
Agency pulls POLARIS platform offline as investigation continues.

CVE-2022-0474
Read via "National Vulnerability Database".
The full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions.

CVE-2022-0473
Read via "National Vulnerability Database".
OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, the malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.

CVE-2022-23320
Read via "National Vulnerability Database".
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.

Name That Edge Toon: Head of the Table
Read via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Email platform Zimbra issues hotfix for XSS vulnerability under active exploitation
Read via "The Daily Swig".
Attackers have targeted mailboxes "in multiple waves across two attack phases".

Log4j: Getting From Stopgap Remedies to Long-Term Solutions
Read via "Dark Reading".
This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.

CVE-2021-46389
Read via "National Vulnerability Database".
IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters.

CVE-2021-46359
Read via "National Vulnerability Database".
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.

Scanmycode Community Edition
Read via "Packet Storm Security".
Scanmycode is based on QuantifiedCode. QuantifiedCode is a code analysis and automation platform. It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses.

Equifax finalizes data breach settlement with US regulators
Read via "The Daily Swig".
Settlement includes up to $425 million to help people affected by 2017 mega breach.

Microsoft blocks web installation of its own App Installer files
Read via "Naked Security".
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

CVE-2021-25114
Read via "National Vulnerability Database".
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection.

CVE-2022-0148
Read via "National Vulnerability Database".
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.

CVE-2021-24843
Read via "National Vulnerability Database".
The SupportCandy WordPress plugin before 2.2.7 does not have a CSRF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.

CVE-2021-25077
Read via "National Vulnerability Database".
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting.