βΌ CVE-2022-24711 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26158 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26156 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44339 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712".π Read
via "National Vulnerability Database".
βΌ CVE-2021-44334 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513" .π Read
via "National Vulnerability Database".
βΌ CVE-2022-26157 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43086 βΌ
π Read
via "National Vulnerability Database".
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp".π Read
via "National Vulnerability Database".
βΌ CVE-2021-44340 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403".π Read
via "National Vulnerability Database".
βΌ CVE-2022-26155 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24712 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing.π Read
via "National Vulnerability Database".
ποΈ Bug Bounty Radar // The latest bug bounty programs for March 2022 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for March 2022
New web targets for the discerning hacker
β Toyota to Close Japan Plants After Suspected Cyberattack β
π Read
via "Threat Post".
The plants will shut down on Tuesday, halting about a third of the companyβs global production. Toyota doesnβt know how long the 14 plants will be unplugged.π Read
via "Threat Post".
Threat Post
Toyota to Close Japan Plants After Suspected Cyberattack
The plants will shut down on Tuesday, halting about a third of the companyβs global production. Toyota doesnβt know how long the 14 plants will be unplugged.
π΄ Researchers Warn of Stealthy Chinese Backdoor Targeting Multiple Foreign Agencies π΄
π Read
via "Dark Reading".
A stealthy backdoor program used by China-linked threat actors has targeted government computers at multiple foreign agencies, allowing attackers to retain a presence on sensitive networks and exfiltrate data while remaining undetected.π Read
via "Dark Reading".
Dark Reading
Researchers Warn of Stealthy Chinese Backdoor Targeting Multiple Foreign Agencies
A stealthy backdoor program used by China-linked threat actors has targeted government computers at multiple foreign agencies, allowing attackers to retain a presence on sensitive networks and exfiltrate data while remaining undetected.
π1
β Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers? β
π Read
via "Naked Security".
Calling all website coders: Y2K was then. V1H is now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Instagram scammers as busy as ever: passwords and 2FA codes at risk β
π Read
via "Naked Security".
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...π Read
via "Naked Security".
βΌ CVE-2021-44331 βΌ
π Read
via "National Vulnerability Database".
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().π Read
via "National Vulnerability Database".
βΌ CVE-2021-44342 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494".π Read
via "National Vulnerability Database".
π New Report Pushes for Strong Intellectual Property Protection π
π Read
via "".
The report encourages the United States to engage like-minded partners on new tools to counter IP theft and better protect IP at home for trade purposes.π Read
via "".
β Ukraine-Russia Cyber Warzone Splits Cyber Underground β
π Read
via "Threat Post".
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.π Read
via "Threat Post".
Threat Post
Ukraine-Russia Cyber Warzone Splits Cyber Underground
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.
βΌ CVE-2022-26315 βΌ
π Read
via "National Vulnerability Database".
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25023 βΌ
π Read
via "National Vulnerability Database".
Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.π Read
via "National Vulnerability Database".