βΌ CVE-2022-0880 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26533 βΌ
π Read
via "National Vulnerability Database".
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26967 βΌ
π Read
via "National Vulnerability Database".
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26966 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45889 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45886 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).π Read
via "National Vulnerability Database".
βΌ CVE-2021-45887 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45888 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.π Read
via "National Vulnerability Database".
β Alleged Kaseya ransomware attacker arrives in Texas for trial β
π Read
via "Naked Security".
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...π Read
via "Naked Security".
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
The US Independence Day weekend of 2021 wasnβt much of a holiday for cybersecurity staff. That was when the Kaseya attack unfoldedβ¦
βΌ CVE-2022-0938 βΌ
π Read
via "National Vulnerability Database".
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0940 βΌ
π Read
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22721 βΌ
π Read
via "National Vulnerability Database".
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22720 βΌ
π Read
via "National Vulnerability Database".
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smugglingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22719 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23943 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.π Read
via "National Vulnerability Database".
ποΈ βCybersecurity incidentβ at Ubisoft disrupts operations, forces company-wide password reset ποΈ
π Read
via "The Daily Swig".
Lapsu$ threat actors have been linked to the cyber-attackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βCybersecurity incidentβ at Ubisoft disrupts operations, forces company-wide password reset
Lapsu$ threat actors have been linked to the cyber-attack
β Cybercrooksβ Political In-Fighting Threatens the West β
π Read
via "Threat Post".
Theyβre choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.π Read
via "Threat Post".
Threat Post
Cybercrooksβ Political In-Fighting Threatens the West
Theyβre choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.
βΌ CVE-2022-0941 βΌ
π Read
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-24385 βΌ
π Read
via "National Vulnerability Database".
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24387 βΌ
π Read
via "National Vulnerability Database".
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010π Read
via "National Vulnerability Database".
βΌ CVE-2022-24386 βΌ
π Read
via "National Vulnerability Database".
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.π Read
via "National Vulnerability Database".