‼ CVE-2022-22854 ‼
An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.
via "National Vulnerability Database".
‼ CVE-2022-23367 ‼
Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection.
via "National Vulnerability Database".
‼ CVE-2021-39079 ‼
IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592.
via "National Vulnerability Database".
‼ CVE-2021-45392 ‼
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
via "National Vulnerability Database".
‼ CVE-2021-39080 ‼
Due to weak obfuscation in IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming techniques, interfaces, class definitions, algorithms and functions used. IBM X-Force ID: 215593.
via "National Vulnerability Database".
🔏 Federal Advisory Highlights Increased Globalized Ransomware Threat 🔏
A joint advisory on ransomware issued by the FBI, CISA, and the NSA recapped ransomware activity in 2021 and showed why the threat continues to loom large for enterprises.
‼ CVE-2022-0579 ‼
Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9.
via "National Vulnerability Database".
‼ CVE-2019-16864 ‼
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.
via "National Vulnerability Database".
‼ CVE-2022-25150 ‼
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.
via "National Vulnerability Database".
‼ CVE-2022-24988 ‼
In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.
via "National Vulnerability Database".
‼ CVE-2021-45347 ‼
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
via "National Vulnerability Database".
‼ CVE-2021-45346 ‼
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL queries (made via editing the database file). It is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information.
via "National Vulnerability Database".
‼ CVE-2021-43106 ‼
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP Host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. This is because the server implicitly trusts the Host header and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page, expanding the potential for further attacks and malicious actions.
via "National Vulnerability Database".
‼ CVE-2021-45348 ‼
An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).
via "National Vulnerability Database".
🕴 8 of the Biggest Cybersecurity M&As & Investment Deals in 2021 🕴
There were more financial deals in cybersecurity last year than in any previous year.
via "Dark Reading".
🕴 San Francisco 49ers Hit With a Ransomware Attack 🕴
AP report says NFL team organization acknowledged a "network security incident" that affected its corporate IT network.
via "Dark Reading".
⚠ Adobe fixes zero-day exploit in e-commerce code: update now! ⚠
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
via "Naked Security".
‼ CVE-2022-23638 ‼
svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
via "National Vulnerability Database".
‼ CVE-2021-46463 ‼
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
via "National Vulnerability Database".
‼ CVE-2022-23336 ‼
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
via "National Vulnerability Database".
‼ CVE-2021-46461 ‼
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
via "National Vulnerability Database".