βΌ CVE-2021-45886 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).π Read
via "National Vulnerability Database".
βΌ CVE-2021-45887 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45888 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.π Read
via "National Vulnerability Database".
β Alleged Kaseya ransomware attacker arrives in Texas for trial β
π Read
via "Naked Security".
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...π Read
via "Naked Security".
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
The US Independence Day weekend of 2021 wasnβt much of a holiday for cybersecurity staff. That was when the Kaseya attack unfoldedβ¦
βΌ CVE-2022-0938 βΌ
π Read
via "National Vulnerability Database".
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0940 βΌ
π Read
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22721 βΌ
π Read
via "National Vulnerability Database".
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22720 βΌ
π Read
via "National Vulnerability Database".
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smugglingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22719 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23943 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.π Read
via "National Vulnerability Database".
ποΈ βCybersecurity incidentβ at Ubisoft disrupts operations, forces company-wide password reset ποΈ
π Read
via "The Daily Swig".
Lapsu$ threat actors have been linked to the cyber-attackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βCybersecurity incidentβ at Ubisoft disrupts operations, forces company-wide password reset
Lapsu$ threat actors have been linked to the cyber-attack
β Cybercrooksβ Political In-Fighting Threatens the West β
π Read
via "Threat Post".
Theyβre choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.π Read
via "Threat Post".
Threat Post
Cybercrooksβ Political In-Fighting Threatens the West
Theyβre choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.
βΌ CVE-2022-0941 βΌ
π Read
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-24385 βΌ
π Read
via "National Vulnerability Database".
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24387 βΌ
π Read
via "National Vulnerability Database".
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010π Read
via "National Vulnerability Database".
βΌ CVE-2022-24386 βΌ
π Read
via "National Vulnerability Database".
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24384 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.π Read
via "National Vulnerability Database".
π΄ Governments Should Decide Who Gets to Buy Spyware π΄
π Read
via "Dark Reading".
And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.π Read
via "Dark Reading".
Dark Reading
Governments Should Decide Who Gets to Buy Spyware
And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.
ποΈ Data breach at US heart disease treatment center impacts 287,000 individuals ποΈ
π Read
via "The Daily Swig".
South Denver Cardiology Associates admits hackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Data breach at US heart disease treatment center impacts 287,000 individuals
South Denver Cardiology Associates admits hack
βΌ CVE-2022-0700 βΌ
π Read
via "National Vulnerability Database".
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0165 βΌ
π Read
via "National Vulnerability Database".
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated usersπ Read
via "National Vulnerability Database".