βΌ CVE-2022-26157 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43086 βΌ
π Read
via "National Vulnerability Database".
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp".π Read
via "National Vulnerability Database".
βΌ CVE-2021-44340 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403".π Read
via "National Vulnerability Database".
βΌ CVE-2022-26155 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24712 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing.π Read
via "National Vulnerability Database".
ποΈ Bug Bounty Radar // The latest bug bounty programs for March 2022 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for March 2022
New web targets for the discerning hacker
β Toyota to Close Japan Plants After Suspected Cyberattack β
π Read
via "Threat Post".
The plants will shut down on Tuesday, halting about a third of the companyβs global production. Toyota doesnβt know how long the 14 plants will be unplugged.π Read
via "Threat Post".
Threat Post
Toyota to Close Japan Plants After Suspected Cyberattack
The plants will shut down on Tuesday, halting about a third of the companyβs global production. Toyota doesnβt know how long the 14 plants will be unplugged.
π΄ Researchers Warn of Stealthy Chinese Backdoor Targeting Multiple Foreign Agencies π΄
π Read
via "Dark Reading".
A stealthy backdoor program used by China-linked threat actors has targeted government computers at multiple foreign agencies, allowing attackers to retain a presence on sensitive networks and exfiltrate data while remaining undetected.π Read
via "Dark Reading".
Dark Reading
Researchers Warn of Stealthy Chinese Backdoor Targeting Multiple Foreign Agencies
A stealthy backdoor program used by China-linked threat actors has targeted government computers at multiple foreign agencies, allowing attackers to retain a presence on sensitive networks and exfiltrate data while remaining undetected.
π1
β Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers? β
π Read
via "Naked Security".
Calling all website coders: Y2K was then. V1H is now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Instagram scammers as busy as ever: passwords and 2FA codes at risk β
π Read
via "Naked Security".
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...π Read
via "Naked Security".
βΌ CVE-2021-44331 βΌ
π Read
via "National Vulnerability Database".
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().π Read
via "National Vulnerability Database".
βΌ CVE-2021-44342 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494".π Read
via "National Vulnerability Database".
π New Report Pushes for Strong Intellectual Property Protection π
π Read
via "".
The report encourages the United States to engage like-minded partners on new tools to counter IP theft and better protect IP at home for trade purposes.π Read
via "".
β Ukraine-Russia Cyber Warzone Splits Cyber Underground β
π Read
via "Threat Post".
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.π Read
via "Threat Post".
Threat Post
Ukraine-Russia Cyber Warzone Splits Cyber Underground
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.
βΌ CVE-2022-26315 βΌ
π Read
via "National Vulnerability Database".
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25023 βΌ
π Read
via "National Vulnerability Database".
Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25013 βΌ
π Read
via "National Vulnerability Database".
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22845 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25014 βΌ
π Read
via "National Vulnerability Database".
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41112 βΌ
π Read
via "National Vulnerability Database".
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25015 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.π Read
via "National Vulnerability Database".