βΌ CVE-2022-25389 βΌ
π Read
via "National Vulnerability Database".
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26266 βΌ
π Read
via "National Vulnerability Database".
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27226 βΌ
π Read
via "National Vulnerability Database".
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0991 βΌ
π Read
via "National Vulnerability Database".
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24125 βΌ
π Read
via "National Vulnerability Database".
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24126 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25462 βΌ
π Read
via "National Vulnerability Database".
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26007 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42194 βΌ
π Read
via "National Vulnerability Database".
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39384 βΌ
π Read
via "National Vulnerability Database".
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26008 βΌ
π Read
via "National Vulnerability Database".
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39383 βΌ
π Read
via "National Vulnerability Database".
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.π Read
via "National Vulnerability Database".
ποΈ Rust patches sneaky ReDoS bug ποΈ
π Read
via "The Daily Swig".
Regex defenses restored to thwart resource consumption trapπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Rust patches sneaky ReDoS bug
Regex defenses restored to thwart resource consumption trap
π΄ Crowdsourced Efforts Get Leveraged in Ukraine Conflict π΄
π Read
via "Dark Reading".
The battle is not just being waged in the physical world β it's also happening online. And average people are taking part, not just governments.π Read
via "Dark Reading".
Dark Reading
Crowdsourced Efforts Get Leveraged in Ukraine Conflict
The battle is not just being waged in the physical world β it's also happening online. And average people are taking part, not just governments.
π΄ Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy π΄
π Read
via "Dark Reading".
Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.π Read
via "Dark Reading".
Dark Reading
Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy
Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.
π΄ Ransomware Attack Led Bridgestone to Halt US Tire Production for a Week π΄
π Read
via "Dark Reading".
Japanese manufacturer confirmed a Feb. 27 attack on its US subsidiary that led to a temporary production shutdown.π Read
via "Dark Reading".
Dark Reading
Ransomware Attack Led Bridgestone to Halt US Tire Production for a Week
Japanese manufacturer confirmed a Feb. 27 attack on its US subsidiary that led to a temporary production shutdown.
βΌ CVE-2022-1035 βΌ
π Read
via "National Vulnerability Database".
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25570 βΌ
π Read
via "National Vulnerability Database".
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.π Read
via "National Vulnerability Database".
β Bridgestone Hit as Ransomware Torches Toyota Supply Chain β
π Read
via "Threat Post".
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.π Read
via "Threat Post".
Threat Post
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.
β OpenSSL patches infinite-loop DoS bug in certificate verification β
π Read
via "Naked Security".
When it comes to writing loops in your code... never sit on the fence!π Read
via "Naked Security".
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
When it comes to writing loops in your code⦠never sit on the fence!
π1
βΌ CVE-2020-24772 βΌ
π Read
via "National Vulnerability Database".
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).π Read
via "National Vulnerability Database".