β Cyberattacks Against Israeli Government Sites: βLargest in the Countryβs Historyβ β
π Read
via "Threat Post".
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.π Read
via "Threat Post".
Threat Post
Cyberattacks Against Israeli Government Sites: βLargest in the Countryβs Historyβ
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.
βΌ CVE-2022-25488 βΌ
π Read
via "National Vulnerability Database".
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25497 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45848 βΌ
π Read
via "National Vulnerability Database".
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25494 βΌ
π Read
via "National Vulnerability Database".
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25485 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25486 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25492 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25491 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25489 βΌ
π Read
via "National Vulnerability Database".
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25498 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25490 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25495 βΌ
π Read
via "National Vulnerability Database".
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25493 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25487 βΌ
π Read
via "National Vulnerability Database".
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.π Read
via "National Vulnerability Database".
π΄ Mobile App Developers Leave Behind 2,100 Open Databases π΄
π Read
via "Dark Reading".
A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period.π Read
via "Dark Reading".
Dark Reading
Mobile App Developers Leave Behind 2,100 Open Databases
A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period.
π΄ NAS Vendor Says Several of Its Products Likely Contain Linux 'Dirty Pipe' Flaw π΄
π Read
via "Dark Reading".
QNAP's disclosure this week is the latest reminder of the potentially wide impact of privilege escalation flaw in the Linux kernel.π Read
via "Dark Reading".
Dark Reading
NAS Vendor Says Several of Its Products Likely Contain Linux 'Dirty Pipe' Flaw
QNAP's disclosure this week is the latest reminder of the potentially wide impact of privilege escalation flaw in the Linux kernel.
βΌ CVE-2021-29134 βΌ
π Read
via "National Vulnerability Database".
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23989 βΌ
π Read
via "National Vulnerability Database".
In Stormshield Network Security (SNS) 3.7.6 through 3.7.24, 3.11.1 through 3.11.12, 4.2.1 through 4.2.9, and 4.3.0 through 4.3.4, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.π Read
via "National Vulnerability Database".
π΄ Private Equity Firm Snaps Up RSA Conference π΄
π Read
via "Dark Reading".
Crosspoint Capital Partners, along with Clearlake Capital Group and Symphony Technology Group, are setting up RSA Conference as a separate company from RSA Security.π Read
via "Dark Reading".
Dark Reading
Private Equity Firm Snaps Up RSA Conference
Crosspoint Capital Partners, along with Clearlake Capital Group and Symphony Technology Group, are setting up RSA Conference as a separate company from RSA Security.
βΌ CVE-2022-27004 βΌ
π Read
via "National Vulnerability Database".
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.π Read
via "National Vulnerability Database".