🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25445 ‼

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.

📖 Read

via "National Vulnerability Database".
213 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25428 ‼

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.

📖 Read

via "National Vulnerability Database".
242 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25447 ‼

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.

📖 Read

via "National Vulnerability Database".
251 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25431 ‼

Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26265 ‼

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25581 ‼

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.

📖 Read

via "National Vulnerability Database".
296 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26267 ‼

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.

📖 Read

via "National Vulnerability Database".
304 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25390 ‼

DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.

📖 Read

via "National Vulnerability Database".
351 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25578 ‼

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

📖 Read

via "National Vulnerability Database".
437 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25389 ‼

DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.

📖 Read

via "National Vulnerability Database".
512 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26266 ‼

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.

📖 Read

via "National Vulnerability Database".
597 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27226 ‼

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

📖 Read

via "National Vulnerability Database".
673 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-0991 ‼

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

📖 Read

via "National Vulnerability Database".
709 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24125 ‼

The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.

📖 Read

via "National Vulnerability Database".
682 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24126 ‼

A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.

📖 Read

via "National Vulnerability Database".
734 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25462 ‼

Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

📖 Read

via "National Vulnerability Database".
614 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-26007 ‼

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

📖 Read

via "National Vulnerability Database".
595 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42194 ‼

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.

📖 Read

via "National Vulnerability Database".
575 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-39384 ‼

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.

📖 Read

via "National Vulnerability Database".
553 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-26008 ‼

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.

📖 Read

via "National Vulnerability Database".
563 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-39383 ‼

DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.

📖 Read

via "National Vulnerability Database".
601 views