‼ CVE-2022-26265 ‼
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
via "National Vulnerability Database".
‼ CVE-2022-25581 ‼
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.
via "National Vulnerability Database".
‼ CVE-2022-26267 ‼
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.
via "National Vulnerability Database".
‼ CVE-2022-25390 ‼
DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.
via "National Vulnerability Database".
‼ CVE-2022-25578 ‼
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
via "National Vulnerability Database".
‼ CVE-2022-25389 ‼
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.
via "National Vulnerability Database".
‼ CVE-2022-26266 ‼
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
via "National Vulnerability Database".
‼ CVE-2022-27226 ‼
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
via "National Vulnerability Database".
‼ CVE-2022-0991 ‼
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
via "National Vulnerability Database".
‼ CVE-2022-24125 ‼
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, the ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.
via "National Vulnerability Database".
‼ CVE-2022-24126 ‼
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.
via "National Vulnerability Database".
‼ CVE-2022-25462 ‼
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2020-26007 ‼
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
via "National Vulnerability Database".
‼ CVE-2021-42194 ‼
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
via "National Vulnerability Database".
‼ CVE-2021-39384 ‼
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
via "National Vulnerability Database".
‼ CVE-2020-26008 ‼
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
via "National Vulnerability Database".
‼ CVE-2021-39383 ‼
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
via "National Vulnerability Database".
🗓️ Rust patches sneaky ReDoS bug 🗓️
Regex defenses restored to thwart resource consumption trap.
via "The Daily Swig".
🕴 Crowdsourced Efforts Get Leveraged in Ukraine Conflict 🕴
The battle is not just being waged in the physical world — it's also happening online. And average people are taking part, not just governments.
via "Dark Reading".
🕴 Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy 🕴
Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.
via "Dark Reading".
🕴 Ransomware Attack Led Bridgestone to Halt US Tire Production for a Week 🕴
Japanese manufacturer confirmed a Feb. 27 attack on its US subsidiary that led to a temporary production shutdown.
via "Dark Reading".