🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2019-16864 ‼

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.

📖 Read

via "National Vulnerability Database".
177 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25150 ‼

In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.

📖 Read

via "National Vulnerability Database".
160 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24988 ‼

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45347 ‼

An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.

📖 Read

via "National Vulnerability Database".
144 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45346 ‼

A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information..

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-43106 ‼

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. This is due to that the server implicitly trusts the Host header, and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page. This would result in expanding the potential to further attacks and malicious actions.

📖 Read

via "National Vulnerability Database".
163 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45348 ‼

An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).

📖 Read

via "National Vulnerability Database".
164 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 8 of the Biggest Cybersecurity M&As & Investment Deals in 2021 🕴

There were more financial deals in cybersecurity last year than in any previous year.

📖 Read

via "Dark Reading".
Dark Reading
8 of the Biggest Cybersecurity M&As & Investment Deals in 2021
There were more financial deals in cybersecurity last year than in any previous year.
156 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 San Francisco 49ers Hit With a Ransomware Attack 🕴

AP report says NFL team organization acknowledged a "network security incident" that affected its corporate IT network.

📖 Read

via "Dark Reading".
Dark Reading
San Francisco 49ers Hit With a Ransomware Attack
AP report says NFL team organization acknowledged a "network security incident" that affected its corporate IT network.
173 views
🛡 Cybersecurity & Privacy 🛡 - News
âš  Adobe fixes zero-day exploit in e-commerce code: update now! âš 

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

📖 Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
164 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-23638 ‼

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-46463 ‼

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

📖 Read

via "National Vulnerability Database".
150 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-23336 ‼

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-46461 ‼

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.

📖 Read

via "National Vulnerability Database".
133 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-0583 ‼

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

📖 Read

via "National Vulnerability Database".
133 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-23389 ‼

PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-23902 ‼

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-23410 ‼

AXIS IP Utility prior to 4.17.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.

📖 Read

via "National Vulnerability Database".
115 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-23992 ‼

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.

📖 Read

via "National Vulnerability Database".
117 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24206 ‼

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24704 ‼

The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.

📖 Read

via "National Vulnerability Database".
125 views